fc5b8b8a9c09ee76c85eb4e0c2684f41528bc7684a633908839e9d67ec15d8a8

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 11:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

39bf549a269b2733e28fe1cb83bcf88f_JaffaCakes118.html
Size

91KB
MD5

39bf549a269b2733e28fe1cb83bcf88f
SHA1

5f432efb45fa8b06166c30b8325004bcf6a5b20e
SHA256

fc5b8b8a9c09ee76c85eb4e0c2684f41528bc7684a633908839e9d67ec15d8a8
SHA512

a6818fb1a252f3321e67efefff5b9e6fecaf2078fdad88d2369805f0e2809f943c74f599f5352d780c4f2d9cd7ff6698f877e1465a18c42a8df09566e2dc9dd2
SSDEEP

1536:nov0W7h8HA391LMEdH59RjKN1Z7MEGi5riFYnoipaRwZMKQH8+QsToQAER7N3MrF:o8N1Z7MEGi5rg2paRwZZQH8+nkQAERR8

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
17	sites.google.com
8	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
3536	msedge.exe
3536	msedge.exe
3820	identity_helper.exe
3820	identity_helper.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3536 wrote to memory of 1192	3536	msedge.exe	83
PID 3536 wrote to memory of 1192	3536	msedge.exe	83
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 4040	3536	msedge.exe	84
PID 3536 wrote to memory of 3500	3536	msedge.exe	85
PID 3536 wrote to memory of 3500	3536	msedge.exe	85
PID 3536 wrote to memory of 4564	3536	msedge.exe	86
PID 3536 wrote to memory of 4564	3536	msedge.exe	86
PID 3536 wrote to memory of 4564	3536	msedge.exe	86
PID 3536 wrote to memory of 4564	3536	msedge.exe	86
PID 3536 wrote to memory of 4564	3536	msedge.exe	86
PID 3536 wrote to memory of 4564	3536	msedge.exe	86
PID 3536 wrote to memory of 4564	3536	msedge.exe	86
PID 3536 wrote to memory of 4564	3536	msedge.exe	86
PID 3536 wrote to memory of 4564	3536	msedge.exe	86
PID 3536 wrote to memory of 4564	3536	msedge.exe	86
PID 3536 wrote to memory of 4564	3536	msedge.exe	86
PID 3536 wrote to memory of 4564	3536	msedge.exe	86
PID 3536 wrote to memory of 4564	3536	msedge.exe	86
PID 3536 wrote to memory of 4564	3536	msedge.exe	86
PID 3536 wrote to memory of 4564	3536	msedge.exe	86
PID 3536 wrote to memory of 4564	3536	msedge.exe	86
PID 3536 wrote to memory of 4564	3536	msedge.exe	86
PID 3536 wrote to memory of 4564	3536	msedge.exe	86
PID 3536 wrote to memory of 4564	3536	msedge.exe	86
PID 3536 wrote to memory of 4564	3536	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\39bf549a269b2733e28fe1cb83bcf88f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff06ba46f8,0x7fff06ba4708,0x7fff06ba4718
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,9069978823365758702,4739166001694473903,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,9069978823365758702,4739166001694473903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,9069978823365758702,4739166001694473903,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,9069978823365758702,4739166001694473903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,9069978823365758702,4739166001694473903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,9069978823365758702,4739166001694473903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2152 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,9069978823365758702,4739166001694473903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,9069978823365758702,4739166001694473903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,9069978823365758702,4739166001694473903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,9069978823365758702,4739166001694473903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,9069978823365758702,4739166001694473903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,9069978823365758702,4739166001694473903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1692 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,9069978823365758702,4739166001694473903,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
e7d480e4f2a8d76a9c169be59b132814

SHA1
ef654ea44dc697e00331d2dca30066f1bf915963

SHA256
89c8bfb6a252c1c59b252053bc3ded0ce1dff0990e1bfe5e3621d73bc1a30a41

SHA512
e4985cbb25e6dc55529469b17057404984d833fa0c32d060842d9ef088b37284af6a6e27aca86ec0d4eec0216d2089f2f3c40387f304035ffb849ce7586aadb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cbe781f3e6764f87a543d8ffac09b5b1

SHA1
c59dbd0e8cd50b6f829ab1596c612865133cbb05

SHA256
d8633dc5e4523d7f283158ce4a02823819e9aa11fd5c5d138e7ca6df951407ba

SHA512
f06714dd583dc02a31365322caefc620356cceebf0eb487b0ec300d5c1e0ddf52f6dbe1cd3c7ec9de10b53b6efe1ff2de051891084ac8e7666678de61addb0ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
894B

MD5
b9ed862e63ca77ac58a35019d4f37771

SHA1
b2f29324a4712612064e22dfca1ef2814594c484

SHA256
52c6828443aba0e9dd4a7d66983a74877d86575f8ec4abb4071915f367781f36

SHA512
989a5d97a64111ab26a5f060a277180d02789490e84c2aefcea4d015d1a590253ec782ebcb61fcaee8797514795ba7e5d077301fab6c0e1552db0b39f041a1ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa9516711c95e500a15a9087ba129a52

SHA1
0fc5edcef4b85850a198614f8472b0422364129f

SHA256
b675222458c2cc936d22c5737f3a1c15656b1b9655402b0f06d63bbed13a172b

SHA512
ffb3ad3a96ea4b4395737849892fff756fe443cbac54c8c8a180228300513a0be38f892044de8deb4ff5d861c19b649b3d7463fad6fdc7e2c7ec2e265bf24c73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a7132184abc1c69f5d077b903de66996

SHA1
cc55ecb059668aa7ae723e9e70d057e0e7848629

SHA256
0c8d8f43067017f4a4b4d85f1fa87e0230d8c916c0c831cac01fe5ae9f3037d0

SHA512
e6d012aad1c5b963dd699c66cde1c48eec2dd54bba44e5c5f7a5954d10652e347163a783810518f3d5d322303c08935583eabaf37dde24641231ea17fc163fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f3f114cae5094d20ad04b0b03c972c3e

SHA1
9241a7866baac73cd4732d27818be4ea1e31ae6a

SHA256
f7bd77be7177e5d1c4ece1bc4c2e203a06d026390fc29dffcf3379044e63d60b

SHA512
f474c440c71b98e96065ca0a158ea7e20d98700ea9ebc5fbc8559de7544d1778d1f0db09cfe21a74ff1a7ed78ed547524452130a33435b6615d11b1ffa110f7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
abfd5d4ccb1f5fd30274dd33d4cc0711

SHA1
6cb80ad23cf2e6c30a405381059a7c5d320f336d

SHA256
54fa4aaa2b9cb5133e5c389496ece6144b9e9ec7217f81ddbc7765780786f73d

SHA512
9fb5dea935178a4e1af6742b889998a68c4a19a7c0b5cb06dc8e35ec11f48d04f84800bfa09cba0c65691ca29e682c34f6fefc4397f0f645d18515d7d3dcf182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ddd8.TMP

Filesize
537B

MD5
07c5c54df29121c606dcdba098946011

SHA1
490fa3893252e870fbb509ef86dcd543d8050963

SHA256
7899a7bd44ee2fd20dd7773687796fbc1c5b3f3dc31b30faf0b205cd6a5b097f

SHA512
ac2e694c1a55dcd0a628d0709c38c7fec4e2d9686bc14d812ababefd5e1934041b57544796b24525669835f511faef9484e681f088f29c5b94182893732835c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
834e995cc3bf0ca4693ca592a703d244

SHA1
e5d9e18bc458691522a634a1b8e1ed9b0b2c8fce

SHA256
4f60a71133582b366997172c1c0e5145fc98ae222cdbc4b6cae7cb51a6e3b1f8

SHA512
6d3daf535249fd92a6edf460c12c43f820b6cec9b446edfd063113634fabd4e7a167607eed8f87d6a636f1c86ccde693aadc1f0b6feff511e7f1faabac6b66f2

Download Submit