de07a23ab9555f0565207e96a45aa82f0f3f7cbdd7724fafd27208719548fcf4

Analysis

max time kernel
138s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 22:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7006db622d14cab81b06f9fc3e28ca71_JaffaCakes118.html
Size

45KB
MD5

7006db622d14cab81b06f9fc3e28ca71
SHA1

750f28da5fdf7e8a8f2554323e7b99b604297c03
SHA256

de07a23ab9555f0565207e96a45aa82f0f3f7cbdd7724fafd27208719548fcf4
SHA512

337297c818ff0274d01170d82dcf757e5c1815dd02eeb78442ac384a6ff3b084d59999cc0bd2e1f58730b0fa575fc1fa19ecd5d8b150fa5d7e0db4d03cf12a01
SSDEEP

768:6dNwlWmp1AUBV2rBeRjLYLpz7pR22B47dY7kQllRtE7PCRM:6dNwl7AGV2rspYLBNR2biIuE7PiM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3360	msedge.exe
3360	msedge.exe
312	msedge.exe
312	msedge.exe
1772	identity_helper.exe
1772	identity_helper.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 312 wrote to memory of 2396	312	msedge.exe	83
PID 312 wrote to memory of 2396	312	msedge.exe	83
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 2828	312	msedge.exe	84
PID 312 wrote to memory of 3360	312	msedge.exe	85
PID 312 wrote to memory of 3360	312	msedge.exe	85
PID 312 wrote to memory of 2364	312	msedge.exe	86
PID 312 wrote to memory of 2364	312	msedge.exe	86
PID 312 wrote to memory of 2364	312	msedge.exe	86
PID 312 wrote to memory of 2364	312	msedge.exe	86
PID 312 wrote to memory of 2364	312	msedge.exe	86
PID 312 wrote to memory of 2364	312	msedge.exe	86
PID 312 wrote to memory of 2364	312	msedge.exe	86
PID 312 wrote to memory of 2364	312	msedge.exe	86
PID 312 wrote to memory of 2364	312	msedge.exe	86
PID 312 wrote to memory of 2364	312	msedge.exe	86
PID 312 wrote to memory of 2364	312	msedge.exe	86
PID 312 wrote to memory of 2364	312	msedge.exe	86
PID 312 wrote to memory of 2364	312	msedge.exe	86
PID 312 wrote to memory of 2364	312	msedge.exe	86
PID 312 wrote to memory of 2364	312	msedge.exe	86
PID 312 wrote to memory of 2364	312	msedge.exe	86
PID 312 wrote to memory of 2364	312	msedge.exe	86
PID 312 wrote to memory of 2364	312	msedge.exe	86
PID 312 wrote to memory of 2364	312	msedge.exe	86
PID 312 wrote to memory of 2364	312	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7006db622d14cab81b06f9fc3e28ca71_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb42bf46f8,0x7ffb42bf4708,0x7ffb42bf4718
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7139543991226418823,18398903613051894556,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,7139543991226418823,18398903613051894556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,7139543991226418823,18398903613051894556,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7139543991226418823,18398903613051894556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7139543991226418823,18398903613051894556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7139543991226418823,18398903613051894556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7139543991226418823,18398903613051894556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7139543991226418823,18398903613051894556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7139543991226418823,18398903613051894556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7139543991226418823,18398903613051894556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7139543991226418823,18398903613051894556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2732 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7139543991226418823,18398903613051894556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7139543991226418823,18398903613051894556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7139543991226418823,18398903613051894556,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\80dfa808-83ae-4673-a2f4-c106dbc3f5ff.tmp

Filesize
1KB

MD5
515069455cc054d5950d3ef065ab0fd8

SHA1
c7cd1aa4ecf4ebaaf2ef23f2c8a3ed29dd17a389

SHA256
2e138074479ec59004dd810c4bacc1f616d873bd23386d83170348d806099d61

SHA512
d2ac129379797324ebbbf6fecd7bb9ced04576b889bc870c886a46bd75ff5babbaf1e118d4b3c1e092d018815561f2231db3a9f10b99067a6ad0fb513397564b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
a755cc42c234fcecad01573792007d15

SHA1
f30283f10f127df1e026a924f362e748e371cb82

SHA256
140d71e10423efd23cdd8b6699bb60f5106f08322b591d114610f469d7de365e

SHA512
450b28ef86c53c106f25b88116b6887d8e586dd27da5ce5e46cd677fbc7896c239ef189525f2c263108e749bbbebffe9dc76ba94f592eac5d770f0b043c72dc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
5a33b127832192052e8729bf58707f71

SHA1
9edf79c446f2fc5e3de24a5c35a170d424d777ec

SHA256
7ac6e29d8c67f2e7b1927aa7fcc56929fa62db85f7c68e7a169789250e128176

SHA512
bc9331da9eec464f276a5e74d9a2965cb7fab63090170d4c578aa189b8aecdf520efd4a3a4841dcb6e96e019bdff64e3498c5bb13cd8ea138756d60a7c2c2e49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f786290ca7481c1e8be45c088928874

SHA1
b30969670d69fa3351a1a3f7a7914be62d1a8d6e

SHA256
ea0b7ccb3a8e539c611ec5a8caf35e5251a45e1896c29d902d9f418e8e9c8560

SHA512
95b3162600fecd264372f339334440fbf9c77aa747187ddab3ace15215c3662d1e849e8ee5af7e2b5ef6cf9f2cfba7c43d47df121788af93efec651f6ca95130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4d62a9eac963f61d4c5810ab23e1a55c

SHA1
6c6cfd1a8e043445815110f509037fc3f2d25896

SHA256
34bcf10b717d052120614bfedc2df70f97da65899506e446df50009282b9de1e

SHA512
e74a1909c713b3aba2002d4226306beba3afe773f8968b072e7de59414475762cf466117bcf9c3d69c5edf842912c8e882fc586e0bb3507c7707774cea7cc2ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64780580ea25bd8408a6492154f5dcba

SHA1
4e064378bf67c24b4ff783cb46eb9e0b007618ca

SHA256
68d6371487e0489f0c4d1599cf6e01a7eaeb1d2e87a8295cd3fb9f0f35d86f88

SHA512
9454bb0e5ad7ec7ab5890d8fe2947d51614f23057b688b238c562a1139a08509860a2a0d9b405cf0bfde97d32c3f4c55911f84d3e32e5186741002a9452748b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2e294f68203cc30bef882cc82e2c7c3

SHA1
6b49498c7f7c730bbab8eadd4e37b6ed1c88336b

SHA256
37e43b3012806cbbed555c418fc2f830b922f4c57a0786f43f21b4b7fc76a178

SHA512
497da3efdbd4dc47009ab8d72d8bde2eae9cf3a49bdd9696f04102535971a430326a391cd049dd6c8bce8c71fdc04cb4c1df6f69280551918598e3ae77cc6d35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
698B

MD5
36ec25f40edf0f7be0279978ff1059fc

SHA1
ebd1e43cb78f91ea5a2b02af4287b098c40b74a4

SHA256
75ad9f0711862114ca343abab2a1892df4e7881142f4f6134a63af9ddcab5c72

SHA512
582decc7f6fe393f666746d43ad4e8960ed917b8a6ce896ed04803933d8761bc9c2075b720e2de47b903a13be42d61c64488bb906a4dada36aa71e183806f7d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e82d.TMP

Filesize
532B

MD5
3db3e47f1e5e62d69ee9110b099fbc15

SHA1
6264e01c1294a86d94b6d160c2b57209450b13da

SHA256
218b621b05497564e67c07f48f8cb11b0a1165c0a1bd425767fcfbbc4a263dc9

SHA512
33410fc8c9616b83e62b89b1784262c2181528c416b0de697805410ba2c7a82b25ab28981c7def778020d18d2523663c52f373e47164eb4ac6b069375f834883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ef1518631a83748f5de3c48c64442924

SHA1
4bedb49ce98d7aaca3c7511b3f3963a31659ef45

SHA256
056e6c6e66a1ace553083602a939f0f38f65fa04d98134e2edad4618282d4526

SHA512
e4a99c354f7450907b570b19ceccc4179d7d3ad043a5a3e699a240ee5b6a9982d4d2d84789eb383d4b70e45eba4b1f4a03378db3dbe597849593bd8d482035d3

Download Submit