6c6f23b16476b841b86c3c837f3bbb25f4f6347e2d291a5679fa12ee02e54064

Analysis

max time kernel
150s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05-05-2024 08:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16df47e8da239b2070e35d9a744fb8e5_JaffaCakes118.html
Size

79KB
MD5

16df47e8da239b2070e35d9a744fb8e5
SHA1

3315b2a39282720a90a6973a9977595f0f1a5467
SHA256

6c6f23b16476b841b86c3c837f3bbb25f4f6347e2d291a5679fa12ee02e54064
SHA512

2dd52576b14a304389eee8de900da1a96f09716d1289417111190c57f48077fda4161f5bbab11f8887408dd483ee018cf278dae8360ff744cacdd0477512015c
SSDEEP

768:Mgt66EJjFDAxIAXfRDP5BQuCaxK9Zcv4/gUyFD+BDchN28+2h/icsEic:MgspAxXfVBBLCZZIl5hN2VG/i5EF

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
212	msedge.exe
212	msedge.exe
4628	identity_helper.exe
4628	identity_helper.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 212 wrote to memory of 5072	212	msedge.exe	87
PID 212 wrote to memory of 5072	212	msedge.exe	87
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 2124	212	msedge.exe	88
PID 212 wrote to memory of 4920	212	msedge.exe	89
PID 212 wrote to memory of 4920	212	msedge.exe	89
PID 212 wrote to memory of 3148	212	msedge.exe	90
PID 212 wrote to memory of 3148	212	msedge.exe	90
PID 212 wrote to memory of 3148	212	msedge.exe	90
PID 212 wrote to memory of 3148	212	msedge.exe	90
PID 212 wrote to memory of 3148	212	msedge.exe	90
PID 212 wrote to memory of 3148	212	msedge.exe	90
PID 212 wrote to memory of 3148	212	msedge.exe	90
PID 212 wrote to memory of 3148	212	msedge.exe	90
PID 212 wrote to memory of 3148	212	msedge.exe	90
PID 212 wrote to memory of 3148	212	msedge.exe	90
PID 212 wrote to memory of 3148	212	msedge.exe	90
PID 212 wrote to memory of 3148	212	msedge.exe	90
PID 212 wrote to memory of 3148	212	msedge.exe	90
PID 212 wrote to memory of 3148	212	msedge.exe	90
PID 212 wrote to memory of 3148	212	msedge.exe	90
PID 212 wrote to memory of 3148	212	msedge.exe	90
PID 212 wrote to memory of 3148	212	msedge.exe	90
PID 212 wrote to memory of 3148	212	msedge.exe	90
PID 212 wrote to memory of 3148	212	msedge.exe	90
PID 212 wrote to memory of 3148	212	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\16df47e8da239b2070e35d9a744fb8e5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff4d0346f8,0x7fff4d034708,0x7fff4d034718
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,7790587379907618233,13307340498394656066,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,7790587379907618233,13307340498394656066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,7790587379907618233,13307340498394656066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7790587379907618233,13307340498394656066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7790587379907618233,13307340498394656066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2236,7790587379907618233,13307340498394656066,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4024 /prefetch:8
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7790587379907618233,13307340498394656066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1760 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7790587379907618233,13307340498394656066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1528 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,7790587379907618233,13307340498394656066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,7790587379907618233,13307340498394656066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7790587379907618233,13307340498394656066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7790587379907618233,13307340498394656066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7790587379907618233,13307340498394656066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7790587379907618233,13307340498394656066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,7790587379907618233,13307340498394656066,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5356 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:864

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x314
1⤵
PID:1848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
7a52fcc85d5e30e34865e906a344812c

SHA1
7eef3c17d2e24459a9b91069ea746290d295e13d

SHA256
17dd14a65a563ebb3a90b98ad413733c8ae58a5c873d7117fcc40224e5d069d2

SHA512
fa67358507a12f05ff31110deaf57be243cee94daf896aeda4708bab59edc3b6a08ba36f16748d8998c3630c204d0f11e25520af2f67cb0c4dea229b78b1c0c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
21e4185d6cd7f68c7a4f7114f56857b4

SHA1
3dbf5d6bde53ed626f513a49570eddbed9a4a72b

SHA256
4e261d99d91a7a4bc3a0f8b2d38c33e34e6538616308291b46c2b1aa206c90fa

SHA512
7df6173bf957c68203c6fb06c0eec1e45d6f577fe39e6f7b66eafcd1200a46116521194bef1d64084d4c328efde42238e445c7cc3b2d137ebd41e624921668bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d25dce1347df87a5c801cf8973296f19

SHA1
628d7b1ef59beb92e72b764869d3783689db1131

SHA256
fbe386d05b405163f7d158dde83c1e068ba719471bc106b7d1a218778d1164bb

SHA512
fde127f345767b8b70d10b1ee42a85cb75d0ccc03c177fe38374b5314644aed3e617882afdf4e4c4e04022770fa70a664a9e68ceee01dfb414e4f51559dc88aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
72770581ec1d78d02c4c8fc556d752df

SHA1
8902619b1acd2692db107fc2017b064ab5541f0f

SHA256
4e4ff546169c49a605882578ca583490b168499cb0e4b7723ab030f306e3841e

SHA512
8faab5e415caccc748c620cc3b57a3d3494c9b8dcc68ee5fbbe3430aab25e1d02c9ad1daf0b7701ce49f6c1657726fa3d3d6337f83fa832988cf1fe934685a3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a2c21c6762f4a36890f729a52414db89

SHA1
7dfddb647ea71a2eb7e815d53d956064e7ec3cc6

SHA256
ce13766c0f7f2d274130bf23c2e177053d2fa1f88a37fd04cd9dfcca274de379

SHA512
ea21d1f15df5c2b04bf904219de5b966857688372e64ae407628190bbcd03eb5d482ab2eb671ece21c673e89527cd47ab148533a0b282c8915603c1aaaadbcc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0a9721913265db243c40296c9bc9d42e

SHA1
7eee692f788258269dc7dd6f02b281b5b1bf9c8c

SHA256
7b7f0019bd32272d4641307a83aa1bfed6eb1bf83147f6a6d5cf5b1f9b9076da

SHA512
fee306574f09df4cef3f00c39f8468d6a587bf99467c6a3c8f7540006c9dd794ae46a1357d4138808ca15fabe196295184a5d8d3f43bf2871fc68d5683f154ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
60402773a4fc42912d25aacde86cfb6f

SHA1
9f614f1957518951bbe8ae06809ee70b0d239247

SHA256
8675a50637a65060664b19c2d902310bc5b82e818dd50a64a2fd53ee726fe16d

SHA512
4f61c1ae0f0b80deecb5ca4c320c728bd3f0e5f1fb98a344683d39cd36458d9cdd1a693cb12fdc7da0c5ac833ac10adaad4ff91622aa0e69b841377872883d84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
59a259559f32a673b7197eed183d15cb

SHA1
16aa58b20ed25b041edc746992e30251e61604ba

SHA256
7da6a1486f73bca9b727e73d4335ddb7af787e5216f9794f3e1ac84e5c99b6c1

SHA512
31a7b175877a7aa12166216dde3040c85d9615b3c96833d44a86f9f9dc47968dc2eeaa9de9c214ff45c3027e34f2c834032a20b4b4693d6aa6e8b6ae24045874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bd7d86b89c7222ab981544d0c829bb3e

SHA1
2aca3d35b77bab0d1a748a08ff8222ba8ffa1c60

SHA256
c1f13c55fa96cd8b26734ae64314e91bdeae602b67c4040168bdfa872ac667fe

SHA512
1b631ed38f24b203a4877300ba0b7a393ed1550f7aacdb3def49cb69674f101c02366131a3d6a8324bb91dbc1c012e08ffa63a85b709876669811dfb364b9b18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
03c3266bfb6d36e6e2e71359ddd63746

SHA1
6b42958b71b8f2e53f73711bc9c084060c0a0bed

SHA256
823e56218ac83bbbe22ba62dba1b4983b323202c954e88d423f6ffaa58adfb65

SHA512
e7456291ffc4c8457daba2fdae8a8d188f3d559efe9e9e95651b95305ff91d9c6932ed28204bb61da2f6e380c35116572634018f805cdcafb1e16e4a19838ed9

Download Submit