c19456f849eababe0abcb11843fcef0ad80cae046711dd6786f7494298e42964

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5f1f9df27eddf2db11f9c256a4a080f_JaffaCakes118.html
Size

91KB
MD5

f5f1f9df27eddf2db11f9c256a4a080f
SHA1

c68959e2904c4efa8168128c0c8c867dfa444385
SHA256

c19456f849eababe0abcb11843fcef0ad80cae046711dd6786f7494298e42964
SHA512

4e05ac3c73f75b92d62470b761ae049a411ce4262f12ccc173f9e67c100883907f74d26642cb52de0f3e9c32b26d3a5f3021eca5f9241fb60b6db719c7cbe08d
SSDEEP

768:eCNXPIpBPkHnUOjJ2VaksJIZQnYdM4E5smQw8w7lNLJ+FeYgreX:eGIpBPkHAw84+FZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
3492	msedge.exe
3492	msedge.exe
4572	identity_helper.exe
4572	identity_helper.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3492 wrote to memory of 1772	3492	msedge.exe	82
PID 3492 wrote to memory of 1772	3492	msedge.exe	82
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 1588	3492	msedge.exe	83
PID 3492 wrote to memory of 4864	3492	msedge.exe	84
PID 3492 wrote to memory of 4864	3492	msedge.exe	84
PID 3492 wrote to memory of 1576	3492	msedge.exe	85
PID 3492 wrote to memory of 1576	3492	msedge.exe	85
PID 3492 wrote to memory of 1576	3492	msedge.exe	85
PID 3492 wrote to memory of 1576	3492	msedge.exe	85
PID 3492 wrote to memory of 1576	3492	msedge.exe	85
PID 3492 wrote to memory of 1576	3492	msedge.exe	85
PID 3492 wrote to memory of 1576	3492	msedge.exe	85
PID 3492 wrote to memory of 1576	3492	msedge.exe	85
PID 3492 wrote to memory of 1576	3492	msedge.exe	85
PID 3492 wrote to memory of 1576	3492	msedge.exe	85
PID 3492 wrote to memory of 1576	3492	msedge.exe	85
PID 3492 wrote to memory of 1576	3492	msedge.exe	85
PID 3492 wrote to memory of 1576	3492	msedge.exe	85
PID 3492 wrote to memory of 1576	3492	msedge.exe	85
PID 3492 wrote to memory of 1576	3492	msedge.exe	85
PID 3492 wrote to memory of 1576	3492	msedge.exe	85
PID 3492 wrote to memory of 1576	3492	msedge.exe	85
PID 3492 wrote to memory of 1576	3492	msedge.exe	85
PID 3492 wrote to memory of 1576	3492	msedge.exe	85
PID 3492 wrote to memory of 1576	3492	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f5f1f9df27eddf2db11f9c256a4a080f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8650446f8,0x7ff865044708,0x7ff865044718
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,5877449618212208077,13368958737625631068,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,5877449618212208077,13368958737625631068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,5877449618212208077,13368958737625631068,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5877449618212208077,13368958737625631068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5877449618212208077,13368958737625631068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5877449618212208077,13368958737625631068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,5877449618212208077,13368958737625631068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,5877449618212208077,13368958737625631068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5877449618212208077,13368958737625631068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5877449618212208077,13368958737625631068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5877449618212208077,13368958737625631068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5877449618212208077,13368958737625631068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,5877449618212208077,13368958737625631068,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
23KB

MD5
c897f8479da25ec570027594f1b4db24

SHA1
81a3ff06cf35a87e697fc4733966dffc270ad06b

SHA256
7fd05e325904c9c31e435d5c65b9b4ffa11a9116d1df0282d6cd7c87ef6f1dbc

SHA512
b1c1c46810c3bc5c407f7d30a9d74db8242860965d958ffc5bfeed35b1204774843775ae81b8c414ea89322d00d7ab97313965e20cebba588edf13b9b8dcbc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
45KB

MD5
ede70f717200a59b4cb831635de913a1

SHA1
d4d6e893ac192b5df087e924ab3356852f8a7bc0

SHA256
c63fbcc69de230e4844cf735ccf668eeaf30e42126eeb464da39c2de6b0b0051

SHA512
b621bde28b90ba97c122677989d994cb5e88fd0906366af1a23ad3f9d9f3b7f2bbef95873f29100433d4068fbbf7ab798505e68deefc118097fc5f76dfc4b672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
0747af22bcb060cdd2ba067e84a0fce0

SHA1
ab09211ff4da8aee59f6d18394c8b443cdf87274

SHA256
05581a64572490da2f2552b1b2d57c91c0000d2fcde557af902a9afab08a8c67

SHA512
697a953e44eaecf11e42d39a3bea2e1e95d9844701f02b1a68fd08d1473dd514480e3c6ee1020a41395a0f8545fd780524931922a40b35afbd3ce477d8de9e13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8e52710b2bea1be9fe80c3deed844dbc

SHA1
0625b91031ed73bafbb03cae427f99c9db7ab759

SHA256
4b1250242afc41e4650e60624f9b7bca43b5771f7f1a6dc3fc1c5806dc86c836

SHA512
4117198a1ab03492b4983a5bff61647b1752a5b2bf36caee48cedcf93f1cbb8a2c893c78d0312d9d86da40093b27ddcdd19e1bd6f4687223a74462ef921db261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
877d7b8b8119f0996f59521e266772d2

SHA1
d7f552749dd676d81d0e22a327258050bb31535b

SHA256
bdb5f648d899562675252419e4ce87a11390c4497b6a0b08ecb56ec233445ae8

SHA512
675f68f01abccb9ef5039480146527105f16b9e05b64c3761da2da5db9f975e8879ad99945a170e1e174d43c90ae38c0bf2562507c7c8cd9efd145784deb43dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3367a9a215ea96cde6b15ade95139253

SHA1
92c80d4096126c48751364fcfd98c9840e6ea8de

SHA256
0d5643dfbb3c177128193dabb79a2a5b21902eeff12c2c0ee84a21a7a3da7e59

SHA512
9f9449d4116c4fbf3c7bb7113978a297c43b8164e4df6889c14c45986c5f63e17e0173b797c6a97cb84cf3962d3ebbbd61e500c85824bc1b7a9524ba6d32f643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
91110fbcda1129f048d914af74db890d

SHA1
7cc0ba6357d1adb87d3c31aeb2522e7b3e5201db

SHA256
0992746d7b493168eb070224744bb5435bd21a8e97b12c36df27e703ffd16884

SHA512
e7465f3d86ebe15b4648383455b5dabc26989c093c8621213128f499d6fa8547318bf6721befb11d770a359153e5c5610c19a8aafb6b630ff09d60213b0ebb98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
e51408bc7482026f7824064e7430d472

SHA1
8b0310aa0ed449d48a7971b379e3d8f732220cc7

SHA256
eadf1faec9af554c3da9c218d26229498c7258516813791c8b078e1a904cc54d

SHA512
d7d03b43f640eeedf604ffe19ce15c74e02e5c2fd38b1791897f85b5cd421bd4d0cccfb64bccadf494368cc6e9579cd39f6a39290d372f9a7b6bd74270dec4ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58631a.TMP

Filesize
203B

MD5
8c351c330c3121ac24b0d75163663fdf

SHA1
b2cfa75e0c218aad559d967303118f4cee5364d8

SHA256
af7880dae26870280821c249600b003c1e03f2cb8cadfad412db61ac2f2f7c5f

SHA512
6ffd320cd0672d8e8ef106dfc0ea64403b1486e2724b7fbac32d013e7d6654465f76ef7c834c3d7994473eb69a5cc36e5a6737a76ff283d4414ba02ed9cd22f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ce6930aaeebd22bec709155f7b0fa55d

SHA1
3b3b7c316b1cc0edbe7ccf82967abc6638a88cb3

SHA256
7564225dcff692e8e5bb8a377703a39f15b477eee334fcacf80529b1f97fa490

SHA512
3fa63f16e15d46b4dd593a7fa70decae4b832c8953bb9a5f0b32f22171f8025cac986a760aa0821d056359f496898585bb6edf09499ea59a8153a2a5b5b9620f

Download Submit