e9685748d7cf0413cf86369b7a2a20ddb500611d4e1f44f343f565f193659c4e

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2024 16:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3af335308b063c11315d617bc3e28b70_JaffaCakes118.html
Size

45KB
MD5

3af335308b063c11315d617bc3e28b70
SHA1

30aed0751d7b88f3a11e3dfc8bae6868e6ada9c3
SHA256

e9685748d7cf0413cf86369b7a2a20ddb500611d4e1f44f343f565f193659c4e
SHA512

972bd4b10d89d53273b039c6df6ec601a8b729568f0927163b36b6512628a0c0db895489a029093a88b639304dde93c37bf0584e96c623e9ca200d13c63ded48
SSDEEP

768:CDypirSBj5S41p2U2pJH8tcQ2yPnn4Aq3hCh5VgACnpZ4tAfxeWJwPid5jeQgBYm:CgRFSHPU+3hCh5VgACnpZEAfxeWJwPq0

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
9	sites.google.com
16	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4800	msedge.exe
4800	msedge.exe
536	msedge.exe
536	msedge.exe
4948	identity_helper.exe
4948	identity_helper.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 4980	536	msedge.exe	81
PID 536 wrote to memory of 4980	536	msedge.exe	81
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 3732	536	msedge.exe	82
PID 536 wrote to memory of 4800	536	msedge.exe	83
PID 536 wrote to memory of 4800	536	msedge.exe	83
PID 536 wrote to memory of 3812	536	msedge.exe	84
PID 536 wrote to memory of 3812	536	msedge.exe	84
PID 536 wrote to memory of 3812	536	msedge.exe	84
PID 536 wrote to memory of 3812	536	msedge.exe	84
PID 536 wrote to memory of 3812	536	msedge.exe	84
PID 536 wrote to memory of 3812	536	msedge.exe	84
PID 536 wrote to memory of 3812	536	msedge.exe	84
PID 536 wrote to memory of 3812	536	msedge.exe	84
PID 536 wrote to memory of 3812	536	msedge.exe	84
PID 536 wrote to memory of 3812	536	msedge.exe	84
PID 536 wrote to memory of 3812	536	msedge.exe	84
PID 536 wrote to memory of 3812	536	msedge.exe	84
PID 536 wrote to memory of 3812	536	msedge.exe	84
PID 536 wrote to memory of 3812	536	msedge.exe	84
PID 536 wrote to memory of 3812	536	msedge.exe	84
PID 536 wrote to memory of 3812	536	msedge.exe	84
PID 536 wrote to memory of 3812	536	msedge.exe	84
PID 536 wrote to memory of 3812	536	msedge.exe	84
PID 536 wrote to memory of 3812	536	msedge.exe	84
PID 536 wrote to memory of 3812	536	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3af335308b063c11315d617bc3e28b70_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe676e46f8,0x7ffe676e4708,0x7ffe676e4718
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,8267068570131031974,6432513874176542325,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,8267068570131031974,6432513874176542325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,8267068570131031974,6432513874176542325,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8267068570131031974,6432513874176542325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8267068570131031974,6432513874176542325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8267068570131031974,6432513874176542325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8267068570131031974,6432513874176542325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8267068570131031974,6432513874176542325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2780 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,8267068570131031974,6432513874176542325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,8267068570131031974,6432513874176542325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8267068570131031974,6432513874176542325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8267068570131031974,6432513874176542325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8267068570131031974,6432513874176542325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8267068570131031974,6432513874176542325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2780 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,8267068570131031974,6432513874176542325,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\34bb3ec6-8a7e-47c1-893c-5d6f50557855.tmp

Filesize
1KB

MD5
f9de1137d0ce7b41d7bed08a1b2b7313

SHA1
4f5e65db1bd7e54c54fd5ddfb5db9ea9937a5f09

SHA256
b7519afc2d9813d8272a36aa689316bb51c5252575cfc9d2fb9d8c404e44f5b9

SHA512
6f78aa71ec8c93b2c1e61e34db4d314bbc30c9a5e84c6ce3f6c96b08eeb3c8ad4253036c24cd43631198612822064acb547b97cea4499b9c7cfab2ffb9047b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
bb60526244d703f12c9c4555e6948060

SHA1
7f08297a07900417f7067ec5532e29aaf8bff2a0

SHA256
ce494831e2d6a94ea88a1ef6a2fd371582dc599d63fb98afd12fdc61d5880700

SHA512
d0a6f007858c846fd80cced75e75938e2438ec3bd4a5be351ae4d4551dac6d4a1de74482ec21a8b7a4de0eadfee5348dae83391b19570d2122a436b61df14ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
bbe0bb08d7ac5bf5e19543cf69214b2a

SHA1
66d45f78f27791c03adfd01adb415ab053b541ae

SHA256
6ded74b24b76c33f1b11319449a839ca8a9c1fc6981dcbc13f8be9761ea2d06b

SHA512
0d32ed728de4b3f2c4c9f9d00dc88983760a56f73f9a86bb7a40f9054b96be2a0f4ab8b47e1839d9137fa6b0413ee46e3dcf627148a41bcca8890dfbec828cbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9cab94be1901b574c179291a9f49e236

SHA1
cc99ac897bdd643cc93559500c1873b16ffbf57f

SHA256
9d96d6a73d2aa9c952b70a4a39e62eb8a480ce121bfad8585ef6e310b8df8147

SHA512
1fd3b58f39cb8ec49b995d72fc4966b14ec6800d106f6c149ce34391d785d35d4a5d35c7f7466661df0e10618e6637ab289583098c524cdf4654fc60ef0cdbf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c2c4528dc09f6b1238958fc4a377103f

SHA1
0677982d4437991f7e57ab8d0c5e3e2bbd1a6350

SHA256
9f444b2c136f03ca92954e216f8d9d1660806caeb6bb0b1f08db95517456e94d

SHA512
2f89fb418dd57bb73357056932f80a5bd0207d646aaa799a13d799585ac8a55fa81b2c7c7cf30de43fbee48a28126c0eaea51a6bf78f8145afbfe7cc75af8008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
abdaf22d816f92fb771c6eac0cfb79a1

SHA1
6a7b6f44efab37b29e6bba72a4d6887ecb78d802

SHA256
972564f8650fb0d2f92ccf636f5c748efea4a5e502895b07cd3334514197ed12

SHA512
108af6deb404cccee35a3a697554cba80a7cada73a326efb45db93168793a7d82de40631e10a25b7480ad4d687e6daf2d4e469ba87ad2a7be39d25f5a9902d46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581940.TMP

Filesize
1KB

MD5
1c30e56aa87cd41376e07665b4ab6f40

SHA1
afe8ff6504402ba063ede15530a72d436d756015

SHA256
24d4cde5afbe4cd91c06ef682edd1ab0ffd2dfee8e5b12c1cc1e53b95c4df797

SHA512
f252d21883fe7d779a72a803c542eb6f2f9fa8d4826f6d9049114ff67dfcb4e3a2519dfacef8a3c1324c039a754912dc230e2c615aef730f69aaa8b907c409a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ed1457fb-9741-49f0-95ae-589baf88f4c3.tmp

Filesize
7KB

MD5
d150f9a9d80259bab7fe6b41c90d36c0

SHA1
6b493ed183486a40014a8ebd85c9116075c5ba8b

SHA256
38978c6a69ac4971c4e1c56e4332b22d0fd647fab026f0eb80c3250708316625

SHA512
03668da5a8b7c8e52dbc141132e78eb64e29a861ddfdc28b0489adcea2ebea0ab6ac7c982e9ffff9d365a854fdd0d80565a0b5e319fa3845fc4c14287fa4ac7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
133771fa584ae94e35c91905f1283104

SHA1
898444d233c7bde8130ec01ec4ce1d4ca7cb20f8

SHA256
bb5a4f0726d7e8ffa053a0ec5a78e2d378c3e261abb61fdd42e7855da2dc71b4

SHA512
fd952b5ef03c45ae2e3961626ecd8c06daf2f66080ab1678181444e9a21f9de7c9dc1d6d6fb55f628657bf4c353763c879630f017236e9ef53f134eea3dddd20

Download Submit