4933790d31309f8a45830ced6af21ab59bcd07cb800d08151add37d1b68223ac

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 03:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f9c792625805e615b1a654887abc0b6_JaffaCakes118.html
Size

148KB
MD5

0f9c792625805e615b1a654887abc0b6
SHA1

2d17c9016ba188bf359310fca9893c5a54cec17c
SHA256

4933790d31309f8a45830ced6af21ab59bcd07cb800d08151add37d1b68223ac
SHA512

912632953d9086795bf0ed16b0504a551d7786839c136e6af98057e3c24cfcc44574dd954104647e466e0980effcf36bf3108516e1cde94075dcd5671245f322
SSDEEP

3072:X2AnkH/P9Ut/iUYwoiyH5UGbjko0A41VhvND:ycO5U

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1660	msedge.exe
1660	msedge.exe
2064	msedge.exe
2064	msedge.exe
3668	identity_helper.exe
3668	identity_helper.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 3416	1660	msedge.exe	83
PID 1660 wrote to memory of 3416	1660	msedge.exe	83
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 4988	1660	msedge.exe	84
PID 1660 wrote to memory of 2064	1660	msedge.exe	85
PID 1660 wrote to memory of 2064	1660	msedge.exe	85
PID 1660 wrote to memory of 4552	1660	msedge.exe	86
PID 1660 wrote to memory of 4552	1660	msedge.exe	86
PID 1660 wrote to memory of 4552	1660	msedge.exe	86
PID 1660 wrote to memory of 4552	1660	msedge.exe	86
PID 1660 wrote to memory of 4552	1660	msedge.exe	86
PID 1660 wrote to memory of 4552	1660	msedge.exe	86
PID 1660 wrote to memory of 4552	1660	msedge.exe	86
PID 1660 wrote to memory of 4552	1660	msedge.exe	86
PID 1660 wrote to memory of 4552	1660	msedge.exe	86
PID 1660 wrote to memory of 4552	1660	msedge.exe	86
PID 1660 wrote to memory of 4552	1660	msedge.exe	86
PID 1660 wrote to memory of 4552	1660	msedge.exe	86
PID 1660 wrote to memory of 4552	1660	msedge.exe	86
PID 1660 wrote to memory of 4552	1660	msedge.exe	86
PID 1660 wrote to memory of 4552	1660	msedge.exe	86
PID 1660 wrote to memory of 4552	1660	msedge.exe	86
PID 1660 wrote to memory of 4552	1660	msedge.exe	86
PID 1660 wrote to memory of 4552	1660	msedge.exe	86
PID 1660 wrote to memory of 4552	1660	msedge.exe	86
PID 1660 wrote to memory of 4552	1660	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0f9c792625805e615b1a654887abc0b6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3bd946f8,0x7ffe3bd94708,0x7ffe3bd94718
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,8489117887902382481,14844696511883743435,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,8489117887902382481,14844696511883743435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,8489117887902382481,14844696511883743435,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8489117887902382481,14844696511883743435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2832 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8489117887902382481,14844696511883743435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2836 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8489117887902382481,14844696511883743435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8489117887902382481,14844696511883743435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,8489117887902382481,14844696511883743435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,8489117887902382481,14844696511883743435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8489117887902382481,14844696511883743435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8489117887902382481,14844696511883743435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8489117887902382481,14844696511883743435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8489117887902382481,14844696511883743435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,8489117887902382481,14844696511883743435,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4824 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a70f1bd4da893a67660d6432970788d

SHA1
ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

SHA256
c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

SHA512
26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbe1ce4d182aaffb80de94263be1dd35

SHA1
bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

SHA256
0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

SHA512
3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
3c3c7f5f468a812f8f5965767ac313db

SHA1
f60df41eb41e8f4e54b6c7cab5e57729734453c0

SHA256
959a1f6dc85cca79fe47645b6d223c90ed80ef27748429622bda88ebe104efdc

SHA512
51306eabd7864440e3e92c71c94e7f3505fb777ea13ca08773991691a34fb37bb8c735c24cf42cedd6ffceb5c174f29930a227d82dee9c6b2508a06340bb7807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
802B

MD5
0b3b1d1024554ac7e3ef210d9c20dec7

SHA1
c075bee96fa8bd400ed59589d54d9982e44d0081

SHA256
ca43ca2b31e1b610c875c35b4de4b40b8b5d389bfc951e5a77824daf71fdd05f

SHA512
aa165ec863a47d6c3b54bd4298b79f0ddd9352b1182e5896e48da6a50b6bd41fb2513d2fd72fdd3ecee3f605ae7da855d468c4889c03ba2fdcee40d1c7afc9f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2528c44bbbd16be43cfdfbe3c97f8197

SHA1
3623bf2138378c80eb90bd47e851c7d02de6c7ed

SHA256
8e7779230b23612bb002f70a26f6d68853242c1725536952194e933e3b062e97

SHA512
483196d3cbab9ad28da32d05029842b46d41b6cb564983fc566b63b19b947079c352353b5079f8abd8d80ab0ca185b9343b133575f4201e36e7a4f133d1ef79b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
138086255d04e33f48add73a9557d5ce

SHA1
3eaf6bb0f037a8b80dbca731d81f828fb7a203bc

SHA256
9bafb7ca98b5f82cfff5385c5b732c93f8ce446fbf98dc6933dcf3644aeb4003

SHA512
59b3f9b5e49dcb5a08560d92685577f9b0f8e160c084af336f7919c0d97a075e3fc7b2a40d60e82583fa175f254d44fb7b0c029d26ea7e3ed0713bab46e130b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dbe3e49e863190a8f1494f2d971c72ef

SHA1
8e5e834e8459d18a7ad5202681fc32153eeb4bc9

SHA256
96e0d75489390f8c502281f2570581e35278dc887e6dd9efa2165097e453bcf0

SHA512
f5aa796de5a68c85d43e78ab0d18ab4d2c84c461556d713b67aaaec49469c9c9f00bd30730273edab8be0f9028f65a59fc4e1cfb616af4cb88f3d720098b2a87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
08613ca49ea49f9452f087ee120e54c6

SHA1
963c3da2b6efa389d4e860bcdb7191c09c6b79c2

SHA256
25456b7179afece7df64d6859cd0c7c94b18390e5d4e746f00235b439aa4a120

SHA512
79fc24b825d88dd2ec08c8273467450d50e33a82a2f3bb70958813f88c3729ed9cffb99e2f8386c8bb576534be55483d1849f20230ed65ba4600f99969ed5700

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
e1668622a8f61b240e76dcbd23a34c71

SHA1
38867961b7fbf3de37e1f6585a4f14b284bfa1af

SHA256
f36ca911c0fbe075e818bff92b69e1bc2fbb60af6652a4ef7ef6ec89af5c5ed1

SHA512
ef708ade7b9c5870fecf47fe58b8473419c1131fc5fb34715594ad383ff050895a6ecbc0c21df676442d32841b6d01b37aa8f6fb4096f8e39c2de42688bca9d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a345.TMP

Filesize
204B

MD5
ced2f3f6ef96fa4a671476588cc522f6

SHA1
74b3f18194e123c902176056a042acdc7899bb10

SHA256
1ce66812f33c497802dc268061f27858b249314362d8c855cdf6d99f1527a941

SHA512
30314c5251583e75e81f83e2447f40ebea0e5c37326eaee8c77b75d1958a456426524bd9b93d801024a5e1d0531cfc479d26ff038b20660cea9e1c24e21fd895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d925b678b05eb51833e627fa28730ef8

SHA1
d1be1ff3b45c78130e4b41ebada42eb179e6eaf9

SHA256
e8306b94830812c356aa5a7ec1f000053cd489ba9d22182320c75c7a9f3610cf

SHA512
d12310471859887c79a2a7b7d9641d70f12de6206718b2e47551249ff4d8cb65a8e13ec5fdd0153a81c5bd54a741eb874cabd4f5bd18ac6bdd16569b451a1a1b

Download Submit