953d97a0f9535b649856c9dcd0902dc5c3d6f4adc80d789816aa0d032066b6aa

Analysis

max time kernel
148s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-10-2024 03:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

554388f639b50840014f109f76c73b1d_JaffaCakes118.html
Size

242KB
MD5

554388f639b50840014f109f76c73b1d
SHA1

c7d41acb1ccf3be6ba21dd59012e8486e78ef755
SHA256

953d97a0f9535b649856c9dcd0902dc5c3d6f4adc80d789816aa0d032066b6aa
SHA512

098d80853041e950aed2fce189e921d39544124b2a6c4835abb10d539423e72a41e45204c51875c03c14ec2615defd2e3209948802237d2b1eaae68c83cb1d3d
SSDEEP

3072:cwWGtf7Zmwt18k3y6enEnFvs+48Nnzxuobdvo6Vodmhs8nodmhljkodmhAq0zmh/:EGtf7Y4D8dmSB1d

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1980	msedge.exe
1980	msedge.exe
4456	msedge.exe
4456	msedge.exe
4312	identity_helper.exe
4312	identity_helper.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4456 wrote to memory of 4028	4456	msedge.exe	84
PID 4456 wrote to memory of 4028	4456	msedge.exe	84
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 4992	4456	msedge.exe	85
PID 4456 wrote to memory of 1980	4456	msedge.exe	86
PID 4456 wrote to memory of 1980	4456	msedge.exe	86
PID 4456 wrote to memory of 4772	4456	msedge.exe	87
PID 4456 wrote to memory of 4772	4456	msedge.exe	87
PID 4456 wrote to memory of 4772	4456	msedge.exe	87
PID 4456 wrote to memory of 4772	4456	msedge.exe	87
PID 4456 wrote to memory of 4772	4456	msedge.exe	87
PID 4456 wrote to memory of 4772	4456	msedge.exe	87
PID 4456 wrote to memory of 4772	4456	msedge.exe	87
PID 4456 wrote to memory of 4772	4456	msedge.exe	87
PID 4456 wrote to memory of 4772	4456	msedge.exe	87
PID 4456 wrote to memory of 4772	4456	msedge.exe	87
PID 4456 wrote to memory of 4772	4456	msedge.exe	87
PID 4456 wrote to memory of 4772	4456	msedge.exe	87
PID 4456 wrote to memory of 4772	4456	msedge.exe	87
PID 4456 wrote to memory of 4772	4456	msedge.exe	87
PID 4456 wrote to memory of 4772	4456	msedge.exe	87
PID 4456 wrote to memory of 4772	4456	msedge.exe	87
PID 4456 wrote to memory of 4772	4456	msedge.exe	87
PID 4456 wrote to memory of 4772	4456	msedge.exe	87
PID 4456 wrote to memory of 4772	4456	msedge.exe	87
PID 4456 wrote to memory of 4772	4456	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\554388f639b50840014f109f76c73b1d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff094d46f8,0x7fff094d4708,0x7fff094d4718
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5486054897741459225,13398359958158613171,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,5486054897741459225,13398359958158613171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,5486054897741459225,13398359958158613171,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5486054897741459225,13398359958158613171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5486054897741459225,13398359958158613171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5486054897741459225,13398359958158613171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5486054897741459225,13398359958158613171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2356 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,5486054897741459225,13398359958158613171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,5486054897741459225,13398359958158613171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5486054897741459225,13398359958158613171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5486054897741459225,13398359958158613171,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5486054897741459225,13398359958158613171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5486054897741459225,13398359958158613171,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5486054897741459225,13398359958158613171,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5100 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
c23f5fd3c9ffdd882efdbc51dc9a93c7

SHA1
0d4b435ad53dc0c71833aa6cf1d0b9999c298d86

SHA256
e04272fdc06c46ff763d2e06928ddab09f8eda2733baf6be9b8e46571b374bab

SHA512
bc9669146ab75a5524f3b750dd5bbaa99547823e7a87b85156009b342c0ef829a054f06fb6046819edf70f276293fdc2f84232b9a1784ac8399823a05217031c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2189bb0a3d4067fb6e7104d7c27a3d18

SHA1
f955399aa1d3a317f77505c2333795b5dac10389

SHA256
df19724f65bf1dab5618b231d77002fcb3a6c4e7a096e295b4af53b18c8d7d2f

SHA512
3483d5302c392251f636500d9163482480ce256a22691dfe7f306570f95086b3e03ebb5be5253195bba8aa6da616abec78c358ac92b19b05ebee056e00b9e352

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e7ba570a506a4117ec72a1fe518a90c0

SHA1
7e55ad57bcc681287ed087680a1fd2cb3f45d11e

SHA256
33bc1e90bc20d2540c3fcfff22b10ed732a483f3fdd2d2d9d294991e44cd8bf0

SHA512
483c698043df86e413b1adfe60a6f202ccc6a9ddd21c1670f44f1c4667157e5fe2b5b433cf03c08233ebfe9bb49b80e5aced31e64f0673c926a6792716a09b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
03fd183ccd952ec88296edcb74b471f5

SHA1
1f19dea8707e1938285c0289cbec4b401c52c5d6

SHA256
3fbf6f186f63047258a2ffc39316079ea97f2ed6b7ce84766ed50579810d96b7

SHA512
43d9ea3f39d222eb663cd1e7ee261426cc8fefb25ce5adc7afc3b1890dd6e5683929960a98b64617d677e19bd46ca9ca20908c653ffad105994fd0e06c145351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3d034fe17ceb96de06a6b5122a7e48e1

SHA1
44282e8e0f32ad35d6b1bc31320dde240fd75489

SHA256
646fcbe2c589d73045df39133a2b5aedf4c55c271f421ccd9ba24b8aaa453886

SHA512
d7b030fb90cb59540a581899a513e9ecc2e4e50bdadc2b4aba3e3891327afcc274bab62d5e0eda3bc5b27e39ae6c529a61e085fa2cbe73f437989779987c81fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cb7749e06ecd11ed9c10c767a6779e54

SHA1
6542742c3bf8abb8fde52194ec68dd499e9ab7ef

SHA256
cdd3aa2e0b89be740ccfa5f08c04f82f398955c817a07367238eed59564c870b

SHA512
e9ac1d36217b52e97054f2e95f65a5e4dfa13d2ec9c2d1fbdaab7be7ce8d69ee91807aaed5440c68464f6ce4107296c16b3b1913bbc4e718bef25284aeab1918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
9b90164f00dbb04c881db60856bdd20c

SHA1
b59d466c9c9b6cc7540b21e666ab7a217342da13

SHA256
ffe22c3de824cf1f234e5bd48a8cb3d90f7b290ed7d1b28ba24e90a84a7c910d

SHA512
fc381e8a3b7c61830027a0e97e46dcc80ab4fff8199bd728682b61c2e1ec362722e0d4274b68d788c6dc6b2bb30a00448fa232818e2362a612b462dff0035a07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe598f27.TMP

Filesize
706B

MD5
bd69c403af9d179c7055519266492beb

SHA1
8447ec55396f9d27f81d2cdc884422a94a592d42

SHA256
4144fd62b0cc60981582b3ef2091f2cfeafd73729ed9627e3ce5e56e9e7c4773

SHA512
3770cf36d563481bdc3a58361ced791599d72b99910527e0283f14564688152e02980f99468fdd823738fecd7be4205a7db241d2f0a28035f0a6395d4f722e17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a1d93b87ecdf835aadbd00e80e312b14

SHA1
258780a128779996f0f87a5b462da479cc0c2158

SHA256
8143ceda1c620bb756fd8c68829e56db2057a0665ec15e62a4636738791bb0e9

SHA512
a7ed1bbf7eb0496159d0a8deb77d4da01d7916d7bc12fb987c9f953715c321cd362cea623307147abcece266cc59c71914fa101c642658dfb235e8b673f42800

Download Submit