6c835bf3301ebab3b9f62b0a18e5794fe8835a316ca4cf1683911c6a62b11c73

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-10-2024 11:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

572f3dba93b348aba9967bce3a28d397_JaffaCakes118.html
Size

220KB
MD5

572f3dba93b348aba9967bce3a28d397
SHA1

6a8d7cc43827639fe86c685349f92558519681a6
SHA256

6c835bf3301ebab3b9f62b0a18e5794fe8835a316ca4cf1683911c6a62b11c73
SHA512

8169bdbd46b6eebfffe147a06e11ae699ddf3bf7d0ffdd047932ec8f30e5b34556135235f46e7939eac27f12258544af5861550ae5d5bfd2008717ed7a4605e8
SSDEEP

3072:n3PHWR2hPBW2fhHlrATIWY7RkTPSHSewudt:/HWsFkkX

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1624	msedge.exe
1624	msedge.exe
4164	msedge.exe
4164	msedge.exe
3624	identity_helper.exe
3624	identity_helper.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4164 wrote to memory of 1420	4164	msedge.exe	84
PID 4164 wrote to memory of 1420	4164	msedge.exe	84
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 4772	4164	msedge.exe	85
PID 4164 wrote to memory of 1624	4164	msedge.exe	86
PID 4164 wrote to memory of 1624	4164	msedge.exe	86
PID 4164 wrote to memory of 3548	4164	msedge.exe	87
PID 4164 wrote to memory of 3548	4164	msedge.exe	87
PID 4164 wrote to memory of 3548	4164	msedge.exe	87
PID 4164 wrote to memory of 3548	4164	msedge.exe	87
PID 4164 wrote to memory of 3548	4164	msedge.exe	87
PID 4164 wrote to memory of 3548	4164	msedge.exe	87
PID 4164 wrote to memory of 3548	4164	msedge.exe	87
PID 4164 wrote to memory of 3548	4164	msedge.exe	87
PID 4164 wrote to memory of 3548	4164	msedge.exe	87
PID 4164 wrote to memory of 3548	4164	msedge.exe	87
PID 4164 wrote to memory of 3548	4164	msedge.exe	87
PID 4164 wrote to memory of 3548	4164	msedge.exe	87
PID 4164 wrote to memory of 3548	4164	msedge.exe	87
PID 4164 wrote to memory of 3548	4164	msedge.exe	87
PID 4164 wrote to memory of 3548	4164	msedge.exe	87
PID 4164 wrote to memory of 3548	4164	msedge.exe	87
PID 4164 wrote to memory of 3548	4164	msedge.exe	87
PID 4164 wrote to memory of 3548	4164	msedge.exe	87
PID 4164 wrote to memory of 3548	4164	msedge.exe	87
PID 4164 wrote to memory of 3548	4164	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\572f3dba93b348aba9967bce3a28d397_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8885846f8,0x7ff888584708,0x7ff888584718
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,7824111859578096269,7350579541425995564,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,7824111859578096269,7350579541425995564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,7824111859578096269,7350579541425995564,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,7824111859578096269,7350579541425995564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,7824111859578096269,7350579541425995564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,7824111859578096269,7350579541425995564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,7824111859578096269,7350579541425995564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,7824111859578096269,7350579541425995564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,7824111859578096269,7350579541425995564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,7824111859578096269,7350579541425995564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,7824111859578096269,7350579541425995564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,7824111859578096269,7350579541425995564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,7824111859578096269,7350579541425995564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,7824111859578096269,7350579541425995564,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
45KB

MD5
ede70f717200a59b4cb831635de913a1

SHA1
d4d6e893ac192b5df087e924ab3356852f8a7bc0

SHA256
c63fbcc69de230e4844cf735ccf668eeaf30e42126eeb464da39c2de6b0b0051

SHA512
b621bde28b90ba97c122677989d994cb5e88fd0906366af1a23ad3f9d9f3b7f2bbef95873f29100433d4068fbbf7ab798505e68deefc118097fc5f76dfc4b672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
4874cc4ec847a3b018dd54c5d28865d9

SHA1
16fee671990703587ad5da98062b34aeeee360af

SHA256
7592cce888b5a35072870d966ec20ec833e801fa9a42533ac5c7e06c8ed8c13b

SHA512
6a39ac2500b59239653de806613f287db6972663fc6c5774984ee047583bdacba4d84dddecbc830f766bf6cea58d8f2422ad3aaea9184f058653e57498fbf8d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
bcd6fee04dac3f2f1f371b910329ed63

SHA1
4d8767ea891e429d8d192682c55011c084500408

SHA256
50ac89519e430a14a18fb8c5c5b936c91da79118a4f46f25409d5cd0b5d17bdd

SHA512
bbe2cb8a05d89bd556b4a5efbd16dc657bf23bed317a35cb7be45588499f7bd911afe92af04e0148598c07d1000f922c2920d2f9f46c37d6e6d4f1e26d0b3884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c6c98b5f7fc4e158c54a7517608c1501

SHA1
61ef3a05004b12515e2c2deb3289cf42af3647db

SHA256
8fe2b54aa7c2054c731f4a449126851bc7178345e61617b4b30ae186ed72797b

SHA512
5691e7edb0ed9d2a01ca3d7b270030791d41c5765174815882515054d1319955e52c2550be5594c55ecc5a52f2bb3adb0b2a2c02b7350d06920c07a1b2c2ed55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
24e012721f0d832a415d88f2abe51c26

SHA1
8794b5ce197bcf7aeef5cc214186aeed92f0b2e4

SHA256
da4a9c16a1f6b53c726d1ae2712ab68ddf091f815110cd4c755259a3f8ea555e

SHA512
b0a4183f90e1e9903f3d031c8cf135c1e5b5fadd77df14499f22d01192acc0f00f893f8e5038801232c1ee16f2b2176f20845b55508dd987d2675511ca6c7d84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b9eb4e1655b6a30c4b75f2d2a7105832

SHA1
a65aa3390a20b80d4a2279b2b64b223486136333

SHA256
b4f4ca822173d0b3a0a974266b74cf825ca7f07c1a4abd9222185ec9cf8d5ead

SHA512
2c87b53c489b5b18bff641a7ed4dbdf8b0f27c2661a6f6bbee126137d17a36043a8f438699cd74fa67f415d01239e4ab2f9d669fdd7c5470210c3cf8e77efab5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
82895423b259993066203ca2c3f45091

SHA1
056178231b20b1b97b92ef256e2db811aed22622

SHA256
9397648d2b95a27211b161fb772f5dc718b2177606689d1c09b4416cc4862c9a

SHA512
90d87d19a1800abec4890b433f3ee35259df332af8a0f70a887ec23b2e406781024dd41acb0a3344e42c7495cea24422cc2b84d06e0f07ac4856c73dd26ab4b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c56eb982-3e4e-4816-aef0-8b8adb857d44.tmp

Filesize
7KB

MD5
aff6ea518131ca24595322d984d6fa64

SHA1
2e84332b5f219a8267269898f226db8353459898

SHA256
6c50c949ac8ecce6fb5576cfbe8e740a300952131ecc5b07e44a35811b352809

SHA512
b5bd1ebcda9f8411d65c3813e88c4ad43f20b12a6be5b7251853a1ae5c7a86d5e29ffd4c683e5441b3174ec887b3697e47b0696832bfa9b43c0cc321a73fc319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5689dd46999f1884a1a60dd8a46e075f

SHA1
f9b962e5695465fddc16d5ef2a58d481aca871ac

SHA256
e2b8ef58ceb7c57feeba5b6a7c46664178f1be6b546fb2f3d4adb5f64a1b209a

SHA512
5a20812716fcaeb9fa81164acecbbe2ede3659956b450166b03e7d94d7b7e85966e6bb92218e64246e2e23907771297734a93fd9860de052704a3d9ad30f5ed3

Download Submit