7518de2f33115a376c106f670ea2d7acb6c6cd016f6d87fc7b14dd786fbc71ff

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2024, 02:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd78ef159809420b793dadbd64a0fa03_JaffaCakes118.html
Size

80KB
MD5

dd78ef159809420b793dadbd64a0fa03
SHA1

78c7145f2e5e9d30ea5c745d83d17ac33558d59c
SHA256

7518de2f33115a376c106f670ea2d7acb6c6cd016f6d87fc7b14dd786fbc71ff
SHA512

c257074b089af2396d92e6810105b729a24f0a40ac7e74a7dbd9ad2064f73a1c9972fb3d1241af509e65bb02165f6ebd107a48e4dab5867e4b1948eb9e0ccf02
SSDEEP

1536:r60GuMxNdEqPGKM6BCdnyEhV8SPb76iqy3685aV3tcWgAB0w0w2t/hW:20dfqPGV6BCdnyEhV7b76iqy3685aV3v

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
888	msedge.exe
888	msedge.exe
412	msedge.exe
412	msedge.exe
3868	identity_helper.exe
3868	identity_helper.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 412 wrote to memory of 1892	412	msedge.exe	83
PID 412 wrote to memory of 1892	412	msedge.exe	83
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 2904	412	msedge.exe	84
PID 412 wrote to memory of 888	412	msedge.exe	85
PID 412 wrote to memory of 888	412	msedge.exe	85
PID 412 wrote to memory of 4748	412	msedge.exe	86
PID 412 wrote to memory of 4748	412	msedge.exe	86
PID 412 wrote to memory of 4748	412	msedge.exe	86
PID 412 wrote to memory of 4748	412	msedge.exe	86
PID 412 wrote to memory of 4748	412	msedge.exe	86
PID 412 wrote to memory of 4748	412	msedge.exe	86
PID 412 wrote to memory of 4748	412	msedge.exe	86
PID 412 wrote to memory of 4748	412	msedge.exe	86
PID 412 wrote to memory of 4748	412	msedge.exe	86
PID 412 wrote to memory of 4748	412	msedge.exe	86
PID 412 wrote to memory of 4748	412	msedge.exe	86
PID 412 wrote to memory of 4748	412	msedge.exe	86
PID 412 wrote to memory of 4748	412	msedge.exe	86
PID 412 wrote to memory of 4748	412	msedge.exe	86
PID 412 wrote to memory of 4748	412	msedge.exe	86
PID 412 wrote to memory of 4748	412	msedge.exe	86
PID 412 wrote to memory of 4748	412	msedge.exe	86
PID 412 wrote to memory of 4748	412	msedge.exe	86
PID 412 wrote to memory of 4748	412	msedge.exe	86
PID 412 wrote to memory of 4748	412	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dd78ef159809420b793dadbd64a0fa03_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8dff46f8,0x7ffe8dff4708,0x7ffe8dff4718
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3016048920650526786,13374325587368434043,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,3016048920650526786,13374325587368434043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,3016048920650526786,13374325587368434043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3016048920650526786,13374325587368434043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3016048920650526786,13374325587368434043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3016048920650526786,13374325587368434043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3016048920650526786,13374325587368434043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1308 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3016048920650526786,13374325587368434043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3016048920650526786,13374325587368434043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3016048920650526786,13374325587368434043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3016048920650526786,13374325587368434043,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3016048920650526786,13374325587368434043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3016048920650526786,13374325587368434043,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3016048920650526786,13374325587368434043,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
e83fbea50bb684341fad599ac7903ccf

SHA1
9bf29739aa5e6589ad47ba372b3776d95667bd2f

SHA256
007437bea48d66db8c42c34be0bf0cd1b603c0201244a89980aa02fee59c6b8e

SHA512
b7f7a728770cc53a26c8bbeee7902e6c020b82137259ad905952e356252d6d0564c4185cf8626680c49bf60eb9ad42709403103a03d0c307fa6535530e7c1110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4eb94d9bbb211f02cfaaa4e9a83460b5

SHA1
3c019c3b564cb0219b4c5a1a1edbd6898e9fc868

SHA256
fbde3e26ad92862338e82f122b8439a18c832345ee120fb94341171342259b63

SHA512
8972927683a78119f31ffc6bc2f41556401d79f84e0006d2acfee08621d3a3ed25b9442109e59329d6e59920d14de60fd60975f1a7e16d2e6ca20bbc5627ef1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
71737f6a396a0560e03ded0d8f3d4cd6

SHA1
68f2c5a37f10fb78d7871feec7347aeca1ff8181

SHA256
665242559b08ec6458932b40d3898453d9047043fb08165b32b6e51a94f4f114

SHA512
52f6bc7d659be9f8ad589a43baa7514c23643e27fdfb89fae0845b97bdf144b9a3f5f75c523105714d383eb0368bb565dba6df02f1edfeb30e4c5257a70c9761

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a48c09d3f1c63c3ae24c23e5f64da31c

SHA1
86ba4f42d3b8fbef909c5dcc4ecee53352f31c2e

SHA256
f39169129b2c9c9379c571983861d405cd1905cbca4ea29c79ebfb2feed3456b

SHA512
405b7d38fe2a39245780bb400333f9752a0ec3610b866b5e5b95e90348e16fb6194be057bd05df05d08f9343673cfdc38a4e409206b39e483277552cdbdb90a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f6b48b4963a20119d2f0cca2fba1e46b

SHA1
f0ccbcfb7b700cb2977b1d4e3a1dc11fe38dc706

SHA256
abe1467ac462675c5e3654f1076eb4999c110992d0b8429c70d29743bde0ff26

SHA512
533cbb9333bd675f6d170ce71c2e2ebc2c7afffbba745d151c441041fa590e3f9c2c80da284d0b394afd00c7a0e613204fb03582d7456d791404325edb04e0ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
592007c146cbe1b6836aed99fbb33c3f

SHA1
7ed849f62c8a73a3d10015583493c224a612b471

SHA256
299814abc4c34ef424ce97684dcc60c46e46000e06c9cc4cba6385f4e67fbc1c

SHA512
224bb49b7a6eefbea57a241d1223430c296d67998055027bf1899194ee0f1c18f7ba11771b4b11a44c97ec582b8654b4788bcc4283e27a8ef4cafc9b26edac6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
d8557b2a89bf3bb74d738f7b5ac47c0d

SHA1
7f5eed361b1189056ee299219df4578ffca4e835

SHA256
7e4a67d8d921f5c0581da0c0d266fcc24fbf2a1ffa4a31e6cc105e87db6567e6

SHA512
747e1425668f338356b13f00c342b09b95c66ebc655ff9484e9bc62dfba2f43921cf88bf666b5cae80f6533c3c173468655926dc85eeb5545517a1971c11bddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587a8a.TMP

Filesize
203B

MD5
0caee13aa75425604200a189b168d668

SHA1
de1ac2c0eb1810e476b905a9831494d847161613

SHA256
5365a125917d83283550d3f2f81ca1e22097b6c599d1e0908eee2141ebbfe857

SHA512
a7e424cb69954e04dab7b3f5a7155c10d469a2eaf2edbac8abe1758bacf56f45cd68b09a1443a3b28b10f78db68254b6fc11993926636c1c12de0850a8eda58a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cdbae262bf67bfd413ec5a8a0d04db9a

SHA1
8e92ec90a7995b8af1a5d85886a699dae3cf1ec0

SHA256
4dbe7cb4b9577623b515b0cd275925e6f05509d396fd668d5e58b6b58b103834

SHA512
87cd43cb84ec542e310c50f68b01a730a92226e52bd6eb789d22e681f6c82918624765c4771b4540d62c0ae11e4487b0e3aacabdaf0efea01f97c9aaa913cd2e

Download Submit