1403b3a8b3fd60fca7631ea5c4534fb7b403acee91fa5dca507f3f2fc1871b44

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2024, 21:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

36fc9a230649a4fef578cc5bedd9db60_JaffaCakes118.html
Size

22KB
MD5

36fc9a230649a4fef578cc5bedd9db60
SHA1

ff0d255bdf8bb89c39faf8ea452ccf51165acfd9
SHA256

1403b3a8b3fd60fca7631ea5c4534fb7b403acee91fa5dca507f3f2fc1871b44
SHA512

b308e4d5d8113bc1f0afe85d05869121a2b1419935b551b4b2bf7b001c297472e9369e95baa1db66e7d1a97be89502128a4f0f4212ef98acb8d73e5905e80a36
SSDEEP

384:Se5q6sZyvug+4ubqLm0VpDDAZkDspgP3ZALiVNMYbSoXMxVkdMPxGzzzDslvuJSk:Se5qbyve3G60AZ8Y+MxVkdMP8DslvcSk

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4556	msedge.exe
4556	msedge.exe
1808	msedge.exe
1808	msedge.exe
1960	identity_helper.exe
1960	identity_helper.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 936	1808	msedge.exe	83
PID 1808 wrote to memory of 936	1808	msedge.exe	83
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 348	1808	msedge.exe	84
PID 1808 wrote to memory of 4556	1808	msedge.exe	85
PID 1808 wrote to memory of 4556	1808	msedge.exe	85
PID 1808 wrote to memory of 4300	1808	msedge.exe	86
PID 1808 wrote to memory of 4300	1808	msedge.exe	86
PID 1808 wrote to memory of 4300	1808	msedge.exe	86
PID 1808 wrote to memory of 4300	1808	msedge.exe	86
PID 1808 wrote to memory of 4300	1808	msedge.exe	86
PID 1808 wrote to memory of 4300	1808	msedge.exe	86
PID 1808 wrote to memory of 4300	1808	msedge.exe	86
PID 1808 wrote to memory of 4300	1808	msedge.exe	86
PID 1808 wrote to memory of 4300	1808	msedge.exe	86
PID 1808 wrote to memory of 4300	1808	msedge.exe	86
PID 1808 wrote to memory of 4300	1808	msedge.exe	86
PID 1808 wrote to memory of 4300	1808	msedge.exe	86
PID 1808 wrote to memory of 4300	1808	msedge.exe	86
PID 1808 wrote to memory of 4300	1808	msedge.exe	86
PID 1808 wrote to memory of 4300	1808	msedge.exe	86
PID 1808 wrote to memory of 4300	1808	msedge.exe	86
PID 1808 wrote to memory of 4300	1808	msedge.exe	86
PID 1808 wrote to memory of 4300	1808	msedge.exe	86
PID 1808 wrote to memory of 4300	1808	msedge.exe	86
PID 1808 wrote to memory of 4300	1808	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\36fc9a230649a4fef578cc5bedd9db60_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f17c46f8,0x7ff8f17c4708,0x7ff8f17c4718
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17179027842902731927,14127679860423365939,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17179027842902731927,14127679860423365939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,17179027842902731927,14127679860423365939,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17179027842902731927,14127679860423365939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17179027842902731927,14127679860423365939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17179027842902731927,14127679860423365939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17179027842902731927,14127679860423365939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17179027842902731927,14127679860423365939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17179027842902731927,14127679860423365939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17179027842902731927,14127679860423365939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17179027842902731927,14127679860423365939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17179027842902731927,14127679860423365939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17179027842902731927,14127679860423365939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17179027842902731927,14127679860423365939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17179027842902731927,14127679860423365939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17179027842902731927,14127679860423365939,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
4e9d8c377a8b4d13c958a9f8d0baf76b

SHA1
0ca44b7f0da779b7d596553690a5819b9e9d9771

SHA256
91c69ff5c975c17c5e06c59e85da87340c8f6ef98f6ed94d02685203274c19da

SHA512
f0acfdbbab3be7d3419d4eb18ba7f28e169861bfa915e3723c7faa13d415f928daa013ffcc83f49b532e54da64129954d30bc27c434c1cde55f495b3b50a1541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
860B

MD5
d28bd9403e0e82951b41a3cb514e7d49

SHA1
8d2d25e594947f930ed6c8046441c7c12a99f68a

SHA256
f7643e423b458f05c379e55d71ec9449081fc5643511b011ec6830ee15a1952a

SHA512
16b34bc613ccba12c8a54c527ff6243ad726c79fc77b79adc1ae523410ec7c8e5570b68efdaf5325e87b72126307cbe33e58cbb43a5fe4004dc26d8c9a690dc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
02d113bb7dc61f168bca606287e3d0e2

SHA1
fc7a553b8d87af7be0453d3cac4f956b9d9cdacf

SHA256
920cb701861e14a845aea6dccce44d133a788738af2939158fb584eb3f623749

SHA512
a9baf784fe1d624ecd8d194e7d03df5ca3c341508629892395955cf48ef73c3818b5b2acf9ba4a299ae8005ba6f791074b7b8623babca5a08311ba7f8e182ca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b0123659f05e082fb6cbbe66d9d1adcb

SHA1
cd748a3ef4e86f9895b05f37f5d2994a26268a67

SHA256
8cf9c5d0d351bbc28acc148d48e39f3debc9ec6de796f2c8bc6de25e03611793

SHA512
acc3af85397670f43f8beca925c79e66a03dc44db749ba5f070360a16bb815cb291c9c43fb986d2719e9d857f68b4262764933332e97c06c4b58336344b81111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
6b2c30db4b8d8293cd3e359be1242140

SHA1
2d5ad1540c021b1cff17a66a6c2ef80e3cd1f209

SHA256
69f4d176e831d1c1c3db43848b2c5e88289c130de473c255976b606f5a7c932e

SHA512
7fda5d83a987c2b2db983e1c31d608952fa7d2280681e67dc2d958566bf3823e420177374ebc8e131ce2b1a9c551192c628c013d6cb57d38abd0cdbd49883ea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e280.TMP

Filesize
873B

MD5
f6326c5f25b0be34c9978963a465e5ca

SHA1
89be64de9d75bc07a45785ba11771e1bf6bb357b

SHA256
cc1072d0a6029b37a3367e34a815b45a92e58eabea6673dab41ba74331c8f148

SHA512
503c117ee3288da066dc10de0318694c957a451c3008b020172705b02bc1d7a792bb339315eb46ab5341afa150a7e58c6b5dc96142161a34dfa8ec2955643a47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e2fb5f5c6933d3f96f80ae0cb98dee6d

SHA1
79b46f0c9d5d9442ab298b81a5ffd8abdbe57d68

SHA256
1714138efd0390a1320eac9bd3c974c8bde8534c6b4b4f2f6e18a2d191c4d4d1

SHA512
59ca3a56064dd7f143513f29674da04e6c7ac6d48317c97cc469482579b581be68979c7c40a14951daf2027cf1bcee943f1fda43b5454db5340e0d1cd4c823f0

Download Submit