bddfaf0c5b9ede299927854fb0c52cc5bee219ce7371248248a3577cc13fc0de

Analysis

max time kernel
149s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 01:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0844eef94d98b079b19cbc8a1694c99f_JaffaCakes118.html
Size

148KB
MD5

0844eef94d98b079b19cbc8a1694c99f
SHA1

53a875f13322549c92af601355c673b5fda112db
SHA256

bddfaf0c5b9ede299927854fb0c52cc5bee219ce7371248248a3577cc13fc0de
SHA512

dabd1c4c9b16280c845be47a7f1f591417c9b7bec95379c742f50c24f7bf2c361187d46ed4a7969087dd20da3e2591e38e4cffa690c102d32f08390cc15230a7
SSDEEP

3072:7OnSjXBWQTbkyBbT447wwN3J3SYzC8/0XmXscdChth8ZUZXkCEdtMy:anSjXBWQTbkyBbT447wwNoMsc5es

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
2996	msedge.exe
2996	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
3540	identity_helper.exe
3540	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2824	2996	msedge.exe	82
PID 2996 wrote to memory of 2824	2996	msedge.exe	82
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 1168	2996	msedge.exe	83
PID 2996 wrote to memory of 3872	2996	msedge.exe	84
PID 2996 wrote to memory of 3872	2996	msedge.exe	84
PID 2996 wrote to memory of 548	2996	msedge.exe	85
PID 2996 wrote to memory of 548	2996	msedge.exe	85
PID 2996 wrote to memory of 548	2996	msedge.exe	85
PID 2996 wrote to memory of 548	2996	msedge.exe	85
PID 2996 wrote to memory of 548	2996	msedge.exe	85
PID 2996 wrote to memory of 548	2996	msedge.exe	85
PID 2996 wrote to memory of 548	2996	msedge.exe	85
PID 2996 wrote to memory of 548	2996	msedge.exe	85
PID 2996 wrote to memory of 548	2996	msedge.exe	85
PID 2996 wrote to memory of 548	2996	msedge.exe	85
PID 2996 wrote to memory of 548	2996	msedge.exe	85
PID 2996 wrote to memory of 548	2996	msedge.exe	85
PID 2996 wrote to memory of 548	2996	msedge.exe	85
PID 2996 wrote to memory of 548	2996	msedge.exe	85
PID 2996 wrote to memory of 548	2996	msedge.exe	85
PID 2996 wrote to memory of 548	2996	msedge.exe	85
PID 2996 wrote to memory of 548	2996	msedge.exe	85
PID 2996 wrote to memory of 548	2996	msedge.exe	85
PID 2996 wrote to memory of 548	2996	msedge.exe	85
PID 2996 wrote to memory of 548	2996	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0844eef94d98b079b19cbc8a1694c99f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbda5446f8,0x7ffbda544708,0x7ffbda544718
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13443494214215674786,741165128321119022,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,13443494214215674786,741165128321119022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,13443494214215674786,741165128321119022,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13443494214215674786,741165128321119022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13443494214215674786,741165128321119022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13443494214215674786,741165128321119022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13443494214215674786,741165128321119022,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2736 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,13443494214215674786,741165128321119022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,13443494214215674786,741165128321119022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13443494214215674786,741165128321119022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13443494214215674786,741165128321119022,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13443494214215674786,741165128321119022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13443494214215674786,741165128321119022,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:1088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4829218222c8bedb9ffe89dffd37095

SHA1
aae577f33f413ec3d09f2e7ff5d9cc20a602241c

SHA256
49239b229a2519583ba5d6de3702480b8a8ebf3cfaa8945100dbab25fcb02b7b

SHA512
03e26a2e3de41b8a829b5543da504c7d7ccdc4c112d629efcac24dcda23acb50a52b5b99572b5efb2a01cf392a457cf9fac85663b3d63f7606be00dba218f8f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
15e9c4b4eefb3e1c08a010e748e10f58

SHA1
3172378f2c7a00553ce086dbf53fcf3126c5a724

SHA256
07b56a769467e8b57f9b7acd9d32da266ca5000803758c18bb6818ac236c7000

SHA512
811058b539e914a812c88543bb6657de736f691d18d6dadb5e1f6ced286780fb334dc5f575babbcf4fd2dceda30d1bf4004b374c5775e7f278346b100b29eb7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
1689fa5d5170033eeeb454132b4b69ad

SHA1
007ce407e3f686896db399022dd2290717276ae0

SHA256
6012b839747ee853c108c2259b344683af4e085f6dead9ef1d9d137fea416ca8

SHA512
d9842a2ccb67c00831c27282149c9dc1a32d3b386592d02c23de7f58cb781b170f1785233f34b7599f5d2e4db8369b9e5bf556f6ebb4f8a320988879ff9c82e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a88df221e3ad609189c55d1c07a9ef9c

SHA1
8c5d487e20ea73b57681bb049a2f1024110501fa

SHA256
fef5ec33790fe1288979d25f410b745830b15d634e3b6632a2a3ec3d2b514954

SHA512
ceb404aef83ef40b09998aaca1e4ac10ab813cc84fa5cffabef2edad3571b5081c91b2739bf6ef68454387317523f0668075f27ac45738834ed3c188f92e8fbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b594b5aa479296319b208a3d01b5a7e0

SHA1
c36dd16da5ed09a8f5c24a5329019eedd7443730

SHA256
e26082a862f8c0afd098e759e1e1bb05e9709cb62415b7e4c997339ca6e6c4d9

SHA512
29228055de3dae648ba9402b93c8a53590e3ee9ceecf8558e5107340f038c4dbbb5611944723e8c9f734e4f0689f544881c4651e3c66939d94ddb9e23ea784e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c4cf75cbba375eabd6ff51265226bb9a

SHA1
e13ccab5269e4ef6c64fc2e5361d67b7fe8db3ff

SHA256
e391e756474fdb4846ad717fb6553f56f982163bf58591756a456313017285cd

SHA512
c3c64ccc5d2766230b05b29a3d992ed5fdfcdb3a50827e8d41328f255890eb47b19807cc8101d3b12aea4b9b1eb8d5e3a6f3da342ec3d3ae1f5767298c9d0761

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7489245c6b29210ad09e64a508054763

SHA1
b6c342885e793e874566338a185d8fd98eea09ee

SHA256
9f8e5f220ee22070108e54a08c333299769137cd498c75e0bacfadeafce31628

SHA512
a64dc70e2d7358eaaf0ed0faa8277eec5cb7f9f9f79357c6b5e77c674d4f17d898e725c0e4daeed9dca1d939a10c8f824d0d0a743c1eea2c034ec1854104e4ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e9ac29613b518398a73a050766ea9831

SHA1
e6a4a69f3cc7d4f9422e08207e2ebde1bfa2d70c

SHA256
81995f3cbe09e90ddfd8c2f148627a153ae19fb32e29b99d159779d375e4c55e

SHA512
bf5044c0699832ea1640c504eaa85f85d50078d5c6e6b1c17e05259251a2eca1da535ff14b88b7272b3daf7a048d58bc2509c771ddcaa0cf1e9f576dc9ac7d82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7915ba0545666aa5833cf9f9f86d45d6

SHA1
743ecc319bc2a54973582d4a5198042a48fbe8db

SHA256
f8fcc045da13bde0f5dec3ada86342105cbff34ebc2442bcf51e8ed509a95b20

SHA512
a53036251a22cdc95579ea8641c5574f1dc1f7dfd0390f00ebeafbbea0c1a2c0c3e6dba23bbbb8d8e2c77a3e1e816ccfaf84a97da1c334019c8df1414999d1f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
3117053856be78dfa789f5145c1d6d34

SHA1
fc9373c73dec202b135e25e8fa142eeb01ee34f4

SHA256
6f3abdbeaab446463f9681b4bbb5a2f912b05b71cbcdf706c20133c64cafc4ac

SHA512
d8f055bf2a3ac08d21d3fd8963a7fe746762d99d89652e232c17f96f2e785347432ad850795591a68e8f9ef634f4274c5c2e06d10a4971e78bb3895636e1b6c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585426.TMP

Filesize
201B

MD5
02f21cad14e32d6a74c13525110f510e

SHA1
c00a08e007b282827c720b5aa799056a02f7e187

SHA256
67d08d5bf4409ab30b7f574bc546242357671313daa5e0b268baeba165394f08

SHA512
9ec43aa3ef4f239253f49af5adf1bbbbd3c0976660502ef60403c8f2eec8848f0e5fa406e525deb6652157698c59416939b157c176e0cca9a8de4a7a0fcd0834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4a0a31028fd6978ca77a6b405b5b1b34

SHA1
9a8cf6044368c28f2f4b899874d22600a27f59c4

SHA256
5c3e09cb48eb2ad038d23ac9f7dfe563937baafcca86cca7f5cbedaf6808362e

SHA512
0361f08574890480a412e6c5ed4dc2c9ea93ce8898ddf3890c37af8321a58321c2e3ee556902b1e8363e9ab6def18b2b580b03de49a4d130ba8502619ad954f1

Download Submit