a69171f23772deac23273e134987ca965c05e49518b98d8b1d0a839b05a0214b

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 08:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

170589a6ddc8748102d8e210325d5292_JaffaCakes118.html
Size

57KB
MD5

170589a6ddc8748102d8e210325d5292
SHA1

110ae9587061f9b2db146d1e98a8f260b7f87e87
SHA256

a69171f23772deac23273e134987ca965c05e49518b98d8b1d0a839b05a0214b
SHA512

2588b37562ba4e9130cf70cdbb261d482acafea7ae3c5655170270312a9d5b3cbadc505ce10c20b86ff7f138f6c8c5f70622b327df5a63b2a1e5c9e910ceba88
SSDEEP

1536:ijEQvK8OPHdsATo2vgyHJv0owbd6zKD6CDK2RVronAwpDK2RVy:ijnOPHdsd2vgyHJutDK2RVronAwpDK2m

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe
2100	msedge.exe
2100	msedge.exe
1476	identity_helper.exe
1476	identity_helper.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 1200	2100	msedge.exe	82
PID 2100 wrote to memory of 1200	2100	msedge.exe	82
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 4184	2100	msedge.exe	83
PID 2100 wrote to memory of 3616	2100	msedge.exe	84
PID 2100 wrote to memory of 3616	2100	msedge.exe	84
PID 2100 wrote to memory of 4504	2100	msedge.exe	85
PID 2100 wrote to memory of 4504	2100	msedge.exe	85
PID 2100 wrote to memory of 4504	2100	msedge.exe	85
PID 2100 wrote to memory of 4504	2100	msedge.exe	85
PID 2100 wrote to memory of 4504	2100	msedge.exe	85
PID 2100 wrote to memory of 4504	2100	msedge.exe	85
PID 2100 wrote to memory of 4504	2100	msedge.exe	85
PID 2100 wrote to memory of 4504	2100	msedge.exe	85
PID 2100 wrote to memory of 4504	2100	msedge.exe	85
PID 2100 wrote to memory of 4504	2100	msedge.exe	85
PID 2100 wrote to memory of 4504	2100	msedge.exe	85
PID 2100 wrote to memory of 4504	2100	msedge.exe	85
PID 2100 wrote to memory of 4504	2100	msedge.exe	85
PID 2100 wrote to memory of 4504	2100	msedge.exe	85
PID 2100 wrote to memory of 4504	2100	msedge.exe	85
PID 2100 wrote to memory of 4504	2100	msedge.exe	85
PID 2100 wrote to memory of 4504	2100	msedge.exe	85
PID 2100 wrote to memory of 4504	2100	msedge.exe	85
PID 2100 wrote to memory of 4504	2100	msedge.exe	85
PID 2100 wrote to memory of 4504	2100	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\170589a6ddc8748102d8e210325d5292_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd45c46f8,0x7ffbd45c4708,0x7ffbd45c4718
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,18182978609412284215,3449827151528022827,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,18182978609412284215,3449827151528022827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,18182978609412284215,3449827151528022827,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18182978609412284215,3449827151528022827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18182978609412284215,3449827151528022827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18182978609412284215,3449827151528022827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18182978609412284215,3449827151528022827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18182978609412284215,3449827151528022827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18182978609412284215,3449827151528022827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,18182978609412284215,3449827151528022827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6764 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,18182978609412284215,3449827151528022827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18182978609412284215,3449827151528022827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18182978609412284215,3449827151528022827,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18182978609412284215,3449827151528022827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18182978609412284215,3449827151528022827,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,18182978609412284215,3449827151528022827,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3160 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
d3a99c9db3d08485732b8549984dc6dd

SHA1
e4a0d9d4c04057d5f81fba7676f01b41ffa9e5ec

SHA256
a09cfacef1922245926ec1138352d1dea66b3d518ee88bb739e6aca8a1fcdd7a

SHA512
b80622836abfdecbf6b6d9fdb5fb02ba43c926ef8b9aef046da2723882a4b4a67fb342db90d648ccfa5e90a7b008ff11184871f938a9ac233ec4e97ffaaf45b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ae37dabc2970734e907ead9c6fd0b59b

SHA1
f6df9f5c02f85bb21053efa34fa81b87020c6e32

SHA256
56a9fe8e27804b6a444aa4ebee43c312364132768feab3b2a87b8b4482344fd1

SHA512
5258ad4e1fe23d91599e26dc13c256a79df3634cb08cf9667c76b57aa442dd63660d18220358ab6976420e141f2043daaa4b312edd19f6d330e30e07cae87e65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eb8bd6a4a2f5de695b7dab0802af05e8

SHA1
e467a2a79e996cbb381f82de4d3c3b84866ad1c4

SHA256
c2b1fcb591d216241578f3bddeae42c3e0d527eaeb2276a9478a092a90820ded

SHA512
be3df1b1b88ef41649475eee8e69763f7be656d3d3b4bc3a635a746926bc24606ce22eb59bf95ba1ab34e0d30cae1d9a3e9da74be7a734634e9a357cf7bee308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
298a2ed05ea9d02ea1ef0c8ca942dc27

SHA1
c777dffe66a57f76f91465e4c9205cf4a613cde7

SHA256
6aa1410a877ffd7a42750045e3db2c39f3b6f894064009cb7a5e36bd033928ea

SHA512
ffbd70dede35ae61428d3d40a65334198d8924f179b6baed13bf1eb1b12d67caba1b290494f106f4d9785ea0b81544190259e0a5143583cccf4b62fb556caae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
865B

MD5
7da012537c3b465d139588f6faee27e2

SHA1
294786a8244f7a5fb39437c3077d71d70437aef6

SHA256
1d0d1f7b4ffff84f7f59dd16eb69c823aedbc83fb0b939da05405246448e2e5f

SHA512
b00022a1d446fbaa874727aa37141d45b8b2d1056fb844edf2ca978cbcdc742a76e2cf4a79a9d162c2c7e4cc5e68c0769a60bbb5cf379d6bc2434ad8a4c26199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e743.TMP

Filesize
700B

MD5
c1da2786e81b7dab72802e8a94edbf71

SHA1
7a5c26abc97714c084124a123801531c89483c3c

SHA256
3a8c74a06339cb16b8b237aa0f5d694700b1fcf5d3cf1408152601717ecaef2e

SHA512
a2b2c7e3586cb93ba35cd22036c1a9cf534f6eed31f21a5c18ba7b1a0a8cc6396a030aec64edce588502e8ec28ffa11ef6657242a57330635ebb60b7687814ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b9fd858a5d36614505c6b776afc30930

SHA1
ad702f50f580408c04bdbd234ca1da2d01afedf4

SHA256
1fe7ab71b5991ea0b049d60b464ed2543c306d0ebaa17c3edae401c9255570ea

SHA512
e2825f1fd2c51e3390a591bb3ff3e8751faa639744a07ca32bbaf04d0805dc8cc7987ebeebfec770f94b175ffbdfe438a8b41519ff5ca8d11369aa0abffa4f5c

Download Submit