8cb05d0c4f103cd5d4bb98f569fd59e7261bc797212a73879f565ed7a85de12e

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 01:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

27b9f4c6effcca50555ae3a19528da7a_JaffaCakes118.html
Size

66KB
MD5

27b9f4c6effcca50555ae3a19528da7a
SHA1

8b1194ed9eb0b3397a460db6a7a1c1e803a7499f
SHA256

8cb05d0c4f103cd5d4bb98f569fd59e7261bc797212a73879f565ed7a85de12e
SHA512

7640b7d55d032104a14dbe05fcb0a318cb5bc94a5d4fb49f61ef6e122e6471c2d6a56bd20fa7b690914b6d6fe41a8a720d6cadac6d3512eb650d1268c73faacf
SSDEEP

1536:yd/UrFgnKYKnHcvUsPKZj3nvSlkIq0yxlw5sUS/xLUFJSCHtLO26XnQec02Jzli+:s8rFgDkZj3nvSlkIq/Z3XnQec02Jzli+

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3532	msedge.exe
3532	msedge.exe
3152	msedge.exe
3152	msedge.exe
436	identity_helper.exe
436	identity_helper.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3152 wrote to memory of 3400	3152	msedge.exe	82
PID 3152 wrote to memory of 3400	3152	msedge.exe	82
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3576	3152	msedge.exe	83
PID 3152 wrote to memory of 3532	3152	msedge.exe	84
PID 3152 wrote to memory of 3532	3152	msedge.exe	84
PID 3152 wrote to memory of 1956	3152	msedge.exe	85
PID 3152 wrote to memory of 1956	3152	msedge.exe	85
PID 3152 wrote to memory of 1956	3152	msedge.exe	85
PID 3152 wrote to memory of 1956	3152	msedge.exe	85
PID 3152 wrote to memory of 1956	3152	msedge.exe	85
PID 3152 wrote to memory of 1956	3152	msedge.exe	85
PID 3152 wrote to memory of 1956	3152	msedge.exe	85
PID 3152 wrote to memory of 1956	3152	msedge.exe	85
PID 3152 wrote to memory of 1956	3152	msedge.exe	85
PID 3152 wrote to memory of 1956	3152	msedge.exe	85
PID 3152 wrote to memory of 1956	3152	msedge.exe	85
PID 3152 wrote to memory of 1956	3152	msedge.exe	85
PID 3152 wrote to memory of 1956	3152	msedge.exe	85
PID 3152 wrote to memory of 1956	3152	msedge.exe	85
PID 3152 wrote to memory of 1956	3152	msedge.exe	85
PID 3152 wrote to memory of 1956	3152	msedge.exe	85
PID 3152 wrote to memory of 1956	3152	msedge.exe	85
PID 3152 wrote to memory of 1956	3152	msedge.exe	85
PID 3152 wrote to memory of 1956	3152	msedge.exe	85
PID 3152 wrote to memory of 1956	3152	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\27b9f4c6effcca50555ae3a19528da7a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5ce246f8,0x7ffa5ce24708,0x7ffa5ce24718
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13633548656425182103,11984330143923249765,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,13633548656425182103,11984330143923249765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,13633548656425182103,11984330143923249765,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13633548656425182103,11984330143923249765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13633548656425182103,11984330143923249765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13633548656425182103,11984330143923249765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13633548656425182103,11984330143923249765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13633548656425182103,11984330143923249765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,13633548656425182103,11984330143923249765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,13633548656425182103,11984330143923249765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13633548656425182103,11984330143923249765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13633548656425182103,11984330143923249765,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13633548656425182103,11984330143923249765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13633548656425182103,11984330143923249765,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13633548656425182103,11984330143923249765,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
776c76f46e90ef79abf580bf9c8dd40c

SHA1
a431eb3b7730a6349eb9933e27a990d20f8914fa

SHA256
10978c9402225cf7b1a92c93dc323412f21ff5dbe71b53c7c6244e36b64df216

SHA512
40c35c96148ffe75671144d3f4cb33f9ed5bed3aa38d97a511692d44c5feae90abe7fb99c4ffbcb74bcb783b11f64b8ca318e4e200e0629d8956c99588d4b39e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9ee7e0dbf31f6497f8f0e76091f601d8

SHA1
3cd3781e5710fa0e45b8f24cfdce72098c8537f4

SHA256
038f94f7ea1863c9fadd170eb4d1b94d6dbf84d131ecacbac92674b298cc90b3

SHA512
93c6ffd4a35c03fef97d99ba0675443ef9ba06a81eac7ab5e0851e5e3e17932a9ba6d85090229cbbf3e45e97a4f74e7cd5fdf901efec53e70a1e88d8989723cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
46386fcf1ddd814cca1b21a7a0f37a2d

SHA1
00642596d20daf29692f7a52796bbbd71b8eac8b

SHA256
592dea2e04796fe25992d21c1da81039a1cabaf45e71a38789b7e3a99ff29cec

SHA512
dad6c1e823313bb4aed9a18f4535f390ea382cad8d9bd97fdefb6047c6a1f95bcb008fc79353376a5da84bab2b0a88ad89b65687d7a54afbff4f647197008122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1e99030d2ad11bc829d26a200b355efa

SHA1
3d8860f992504d2dda271e341fe7273a29ad8ae7

SHA256
7f2012cab764f645e012bd707a6309470a91ca04a8aab7be40f9af31e4a9f75d

SHA512
d2eef43b3a58984353af899da641e2f7146a5bcc07dc063541766c7553c422fdfcbcdf2301261183eb485618d4a06fbfb36d09320f3efe63effca078672dd7ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
73029331fcf9d5f77789d271fa500a22

SHA1
89be117c9d95f3a9c44184808a8078e32c281162

SHA256
5a4d6c1423df69b3605b67c336012a323124dbd00af0e40a65ae6e0a335684c7

SHA512
73a84a4f0b77ff39195769ba07dfdfc94a62ef5b72e93cffd07cb0bb68a687dd847aa5142b69bf73d4b1b658fc442e351b62908f87b926deca9283ae575ec440

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
2eba28d7578dc27f036d19e3f34746ab

SHA1
f706d495d4accec174e02edd33caa7f721173bfe

SHA256
e20e1d00f16f949e509aa4ba897e35ff30f892017cdebe7e0135e19156538e95

SHA512
3e576bc6787884e434f532a07004f55b089df109da2ad9561f5e00ab81d44f3b0ef7ae4db724a9443f15875bd55c8e793ff4c916a7b9c1a9aa036436bea22945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bf87.TMP

Filesize
203B

MD5
947f2080d5ae823b01d79fcb0c894971

SHA1
b025741877281b023578b05a1ea050bd6976b1aa

SHA256
2b930a682c5be725185793b2d0e4fbb16db40d8d8d8e6eddb21d7eac95babf02

SHA512
63c7789b7c3217d68a553a9496575d26c6307da2527dac2e44cb4892a8c5d6648e2a8f00f2314ee0fad95c3a7c9cf2256d379b20dee21621aacbc85846df0293

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d666cbdca0218f0082821408453fa3be

SHA1
317fb172cb8c04c49a933c2624dc866a2e387744

SHA256
9147c6c4bc53aec15e48d788f31165f317f9d958a5b09aac09fbe8726fe3bd00

SHA512
3b939082caa507d8a21b54fbdfc19328f0dccaeafb49bd32934a8550c35e34ade287ab99d89ba25611ef2b69a44e04ba5294601e043ae9229621f8cebe119beb

Download Submit