fb764079d9f887b9bf3679b1614249a00489790b662e89a64885fdc7289fbf0d

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2025, 12:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_70a26b37478c12a7c77605a0b7a31605.html
Size

94KB
MD5

70a26b37478c12a7c77605a0b7a31605
SHA1

861e83e37c1a5d4534b5722635f54b9b065c5762
SHA256

fb764079d9f887b9bf3679b1614249a00489790b662e89a64885fdc7289fbf0d
SHA512

880e839db12210abb9268c4461d3cb01b37030954630934cd63a3c2e9b86c14cc30ba20ce5768e8019450d36053815a5369ac4ffbf2836e31497b4a678598e65
SSDEEP

1536:UT9G7NlrNh3fBSkhHodehyyvb7gfTvjlPttxKX:UT9G7NlZh3fBS0HodehyUb7gjjVttxKX

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2072	msedge.exe
2072	msedge.exe
4736	msedge.exe
4736	msedge.exe
3572	identity_helper.exe
3572	identity_helper.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4736 wrote to memory of 548	4736	msedge.exe	84
PID 4736 wrote to memory of 548	4736	msedge.exe	84
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 4260	4736	msedge.exe	85
PID 4736 wrote to memory of 2072	4736	msedge.exe	86
PID 4736 wrote to memory of 2072	4736	msedge.exe	86
PID 4736 wrote to memory of 3968	4736	msedge.exe	87
PID 4736 wrote to memory of 3968	4736	msedge.exe	87
PID 4736 wrote to memory of 3968	4736	msedge.exe	87
PID 4736 wrote to memory of 3968	4736	msedge.exe	87
PID 4736 wrote to memory of 3968	4736	msedge.exe	87
PID 4736 wrote to memory of 3968	4736	msedge.exe	87
PID 4736 wrote to memory of 3968	4736	msedge.exe	87
PID 4736 wrote to memory of 3968	4736	msedge.exe	87
PID 4736 wrote to memory of 3968	4736	msedge.exe	87
PID 4736 wrote to memory of 3968	4736	msedge.exe	87
PID 4736 wrote to memory of 3968	4736	msedge.exe	87
PID 4736 wrote to memory of 3968	4736	msedge.exe	87
PID 4736 wrote to memory of 3968	4736	msedge.exe	87
PID 4736 wrote to memory of 3968	4736	msedge.exe	87
PID 4736 wrote to memory of 3968	4736	msedge.exe	87
PID 4736 wrote to memory of 3968	4736	msedge.exe	87
PID 4736 wrote to memory of 3968	4736	msedge.exe	87
PID 4736 wrote to memory of 3968	4736	msedge.exe	87
PID 4736 wrote to memory of 3968	4736	msedge.exe	87
PID 4736 wrote to memory of 3968	4736	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_70a26b37478c12a7c77605a0b7a31605.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9acd446f8,0x7ff9acd44708,0x7ff9acd44718
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,8789346261597961293,3224711699767487,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,8789346261597961293,3224711699767487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,8789346261597961293,3224711699767487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8789346261597961293,3224711699767487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8789346261597961293,3224711699767487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8789346261597961293,3224711699767487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8789346261597961293,3224711699767487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8789346261597961293,3224711699767487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8789346261597961293,3224711699767487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,8789346261597961293,3224711699767487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6960 /prefetch:8
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,8789346261597961293,3224711699767487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6960 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8789346261597961293,3224711699767487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8789346261597961293,3224711699767487,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8789346261597961293,3224711699767487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8789346261597961293,3224711699767487,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,8789346261597961293,3224711699767487,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
010f6dd77f14afcb78185650052a120d

SHA1
76139f0141fa930b6460f3ca6f00671b4627dc98

SHA256
80321891fd7f7c02dd4be4e5be09f8e57d49e076c750f8deb300be8f600de2d7

SHA512
6e6c9e348e948b946cfb97478698423e1272c4417bc8540e5daa64858e28be8fda5baf28538aee849f8bb409c17a51c60e48a3f1793e3a86cb27edeb32aa30a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f09c5037ff47e75546f2997642cac037

SHA1
63d599921be61b598ef4605a837bb8422222bef2

SHA256
ba61197fff5ed487084790b869045ab41830bdf6db815503e8e064dd4e4df662

SHA512
280bff6eac4b2b4fe515696223f61531f6b507c4c863ad9eef5ab0b1d65d264eba74fb7c9314b6920922142b8ab7605792211fca11a9a9ef0fc2ae995bf4f473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8e6cc333-90cd-495d-bdcc-c85816efd12e.tmp

Filesize
6KB

MD5
435c947d9aafdda08dee7ab3520e16a8

SHA1
86fac12995e4e6264e9b564c2521137f73607bf2

SHA256
0b7e4de2f64bb6910c855d6c563f8cc5c50b69f9542492044fe5a2113d6523e0

SHA512
0567be60ef2b40631f519e924871690075cd4f60e81d742172a8cbc346232e82e9f30431119e899f0ae8d5fe2932e5d350c69d7ac2ef6df9952e4bcfdff619ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a07b933f71112866b2664a34b7e930c6

SHA1
0b6cd5d454c212bb9844b47f9b8e33efeb4c83b4

SHA256
3fdfedf4a838f8b2fed527f8adeab20ef8e0de443f528a981246237f7911715b

SHA512
061860ac81ac19a1653dcefc24ebfc4c3e0a9013e352741766f0df5ff21cb337a347d85037d34901d006f3f74c50fcc6aece6fd1ac0be2d8f2fa3caa58abfb0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f34c0e0673f89d1688387c36ea47307e

SHA1
8fc75f09ccde1b59c9b7ca8b3f5dd6b33b661852

SHA256
abde6b5b324e54564ca43e624e34b68d862b4dba959ea0c6575f440b0b47b07c

SHA512
9d1a11b39035457f339f10339d571e535f9447c6bb7ba765a7758d896e408c960c0e714f12793aa80e6a7b129c4f92421dd151174716fa41fe99d3d0e1480a69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
59fbea14ffef53a3104ee5e1b0a2644a

SHA1
7d9352fad7cf0534c448860839b9ca623ab73e17

SHA256
39a7c71a1302626331a4e90e72e60ab1d72dfcff7dde071204fc95a576fed8aa

SHA512
8d84c8c18c8cd53be0cfd028756c835f8f940082285b13e7450f71d26e238d1a57463476a56ea0a183cac02af0eef047a9c1b07388a9fdbe4dab670403fe76dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bc638e88e0fda5f62fc84066570e6ce7

SHA1
2a3e07be0712eadd72c03b04c39f9aa5f22f3f84

SHA256
8178a5bdbd1bdc0b9bc188a923fb2f5a34e54008e061fc6140eda663411388e2

SHA512
9d047d92147f87b684d062e39b0e86b830c7dddfa7134589673dbd5c605616a61573ee86ece0cde66aa4bddff04a19f2ef12e3e15d9818f3683f8a804dcfa10e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57eec5.TMP

Filesize
203B

MD5
de3b14092468ecf255d08bc9a4784c66

SHA1
68ed6db733af2e10cc1307cd08533a399f6a5bbe

SHA256
a1f233d234cb3cac6c172a93a404788136f8212430bcb227d86eead20f395382

SHA512
d5adb3776182cb0a5d0a4be9e7b9249ab9a86ddb1d0a660fbf5d5aa206ff1e1fe4775ec828723379aeba3025d76637415bf8da46b87c791a2b07eae63b13b7f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2a67eeff9511306959a521e1e3ad091d

SHA1
e0a15543b3df8e88f24426bc622a28d5263d44a7

SHA256
5e6c815c139dae587d25e81f5befdff30e3be45c3daaa84547b78ee51c05745d

SHA512
5a6dbd029df5f3c846e6f5431f191c1c54e00a4357d11157efee0d17051be60e8ed7dba3363565db93f5e8ab3f80495af4ae008111105d9105afbeaf588694bc

Download Submit