a17b958f663ae8f7c723df13ca854232ebf367327efbefe0cc0ac2dfe6a1e641

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b87b0cebef0666fba4c3e115a2383fc_JaffaCakes118.html
Size

90KB
MD5

3b87b0cebef0666fba4c3e115a2383fc
SHA1

01c02e51ddcb23980a913e28c479a768eb3d55e0
SHA256

a17b958f663ae8f7c723df13ca854232ebf367327efbefe0cc0ac2dfe6a1e641
SHA512

b45daacb72a178c96df8cb21ff52b0bb97f9e353159af86c83206e3a95e83d8733c0301e334b3cc7fa3d4fd19bc169175b075d7f0cd2cc81b4ddd91d2f2f7f3b
SSDEEP

1536:ZwvfD3mJgrWVt9Dl5SVXDpEZfkuAcf1HQxnKj+JJa:ZwvfDmDlkXDcfkuAcf1HKni+JJa

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
130	drive.google.com
97	sites.google.com
102	sites.google.com
129	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1548	msedge.exe
1548	msedge.exe
2724	msedge.exe
2724	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 5088	2724	msedge.exe	82
PID 2724 wrote to memory of 5088	2724	msedge.exe	82
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 4032	2724	msedge.exe	83
PID 2724 wrote to memory of 1548	2724	msedge.exe	84
PID 2724 wrote to memory of 1548	2724	msedge.exe	84
PID 2724 wrote to memory of 3424	2724	msedge.exe	85
PID 2724 wrote to memory of 3424	2724	msedge.exe	85
PID 2724 wrote to memory of 3424	2724	msedge.exe	85
PID 2724 wrote to memory of 3424	2724	msedge.exe	85
PID 2724 wrote to memory of 3424	2724	msedge.exe	85
PID 2724 wrote to memory of 3424	2724	msedge.exe	85
PID 2724 wrote to memory of 3424	2724	msedge.exe	85
PID 2724 wrote to memory of 3424	2724	msedge.exe	85
PID 2724 wrote to memory of 3424	2724	msedge.exe	85
PID 2724 wrote to memory of 3424	2724	msedge.exe	85
PID 2724 wrote to memory of 3424	2724	msedge.exe	85
PID 2724 wrote to memory of 3424	2724	msedge.exe	85
PID 2724 wrote to memory of 3424	2724	msedge.exe	85
PID 2724 wrote to memory of 3424	2724	msedge.exe	85
PID 2724 wrote to memory of 3424	2724	msedge.exe	85
PID 2724 wrote to memory of 3424	2724	msedge.exe	85
PID 2724 wrote to memory of 3424	2724	msedge.exe	85
PID 2724 wrote to memory of 3424	2724	msedge.exe	85
PID 2724 wrote to memory of 3424	2724	msedge.exe	85
PID 2724 wrote to memory of 3424	2724	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3b87b0cebef0666fba4c3e115a2383fc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f56546f8,0x7ff8f5654708,0x7ff8f5654718
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,2761956018777657539,52027448392517166,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,2761956018777657539,52027448392517166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,2761956018777657539,52027448392517166,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2761956018777657539,52027448392517166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2761956018777657539,52027448392517166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2761956018777657539,52027448392517166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2761956018777657539,52027448392517166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2761956018777657539,52027448392517166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2440 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2761956018777657539,52027448392517166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1768 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,2761956018777657539,52027448392517166,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6468 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\93b493c5-68c8-41fa-9a2e-538692fd4b76.tmp

Filesize
5KB

MD5
0b97d1421506a3a36353229f3e8bcc77

SHA1
7b6e3c8361882e0b8b3e9ef0fe2dce241a4f0057

SHA256
a3223b385a9891fd88563857594454d316ff8bd337c0289af7468f374694a461

SHA512
75b41ef333adf0687138e2268f03df72ea7039697d96ea6fd5159a6e404a8eb002cf57b2d23646d92eb7262ba346b8874c1e4a2a5ab423745c858009aa41b78d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
d55b927099fe7d9a19afa50da82ff787

SHA1
a55f59ea80ea3c8dd5dcba91c16d3d6136c3a043

SHA256
169069eb7e3ba8c4b25c85db4afd5ce6c8e3ba53d07a2233d64c2eceda3af93e

SHA512
5462dc86fe4bf30c619724a4f89db69ebbfea44889dd0282fdcb013bce57f2fcc2ad44363ab8f8f1e651513813546e87f3f12bedfd87f3c4299d9f6766f977af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
7d9cec4162735471fbbd89707152be5f

SHA1
8d28245f5e12b2ec807e0df532cdfa26117b5663

SHA256
29f9b4b0c16dad6f616adc305c2fa1c855f67af14134dc44386a3f7f3bdc31f8

SHA512
eda11b82949e0949b220ccdca045c9be0257f4c0c182d80419d0ab19b5d7749f46be20b6406a1c0b5e8d25e111c410729011d46a2216b1e2a8b04970d80fcb17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
78cbe6ec8234a6bb6d563c27e5a93b73

SHA1
8ecb5c01364278f903d942adfdf10650710462f9

SHA256
8ab39ea02e226f1639fc99e69c05115b0852f9635aed3286ab20100aa60f6194

SHA512
942d4ca4fa39b644cb7f36881d22a23b56dca3124af75841d95f9304dbce74093d1c3e7700a4dd7228d3c33fc4f63683731446eaa76ca003939e01d20e59484c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
60a831b4758f2fdc910da59f465adbbe

SHA1
2b5d32e1301687a0d2292be8f2ff7fdd035d9558

SHA256
f1d6a02f8e67a2e4ff456875f9942c02736dd6b8ad061276de2e55cf6c71c42c

SHA512
cb16f4ae1500db421527a3e4d1b3ea5b37541b09a661d4113303bc60828e183ef37408a2e4e15d6a4397ddd38ab3d3bccf41158032f7e3141dafc8c5b2767165

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
65679c53496754e53abb345397a5ea72

SHA1
e6c976a657a83ec4568a66d13d7064bad22bfb4a

SHA256
50699fb02e23e9f8aeecb546fa9b67cb7d109f287a4c65ab55d52edf60284414

SHA512
2ef09759f33265a200cc2d3f7ed61d4dcd60afdc00c25f6fc316073f40e3fe4171243c38e586fbcffe3b76f6bf7a13073daa47518f10d97a1e9d712671d51014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
967f702fa4db72e0b780398609e66088

SHA1
b4c3fb9388d047319807da392cd45b2fb5313d4e

SHA256
f533eb523f1c8eccbf09aeb978192d9110d64252d32638489ec506ab2b7c36a7

SHA512
f8c4d9d7e51ac17a8b5acccd20958981b3f940ee0c26c5d4e6248f57237d5a19556d46a58f1b3c20bb2fd6ea761ece13b8facfb0cf59203917d6f33d350bed76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
8d62481dbeafd957c1215bf79ff976dd

SHA1
d721c6a7dae83644100153b215cab24a0d09bfc4

SHA256
f30cdb67f71cf91a0b01680b4a2a95ac914f2090ab241267dc610c298452e13e

SHA512
517dbc0cc563eee5cbd8bb504b91d4df0942c2bd71863466811d3449e3e0b0491476a261a7f8e2d0392f86d5c37c5986aba0c8c790558415476e7dddf643d406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
e1d9fc8c448641d8e5c0cbf4933653a4

SHA1
ac3c340638af190d01eab8d9f67e642e9834640a

SHA256
496c764a62ff6ba69d2d698abffb3db7eb38cc88682167a0222e12a7ac718f89

SHA512
88329f3e5c73f6ef0980e67c4e3d08b400c4327322a71d8dd814ce890d34e063170b199f28021749d3cf408a306b2167e0495396ff6924f66d8d5d3fb04b7048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
1813c1ee9596622dd59041e0fa27f5ca

SHA1
d04869d48fead12653aaf1eebcedaddec5cbdd04

SHA256
988cecfcfd42f1d038ba6662756514f28bd5f44e3674d882e824a417b83b55bb

SHA512
654862fde4a97fae6114bca935cfb8becb8ae43988f53d55be0d72817493616fcd44bdd4708e297577e2820fe94bbb54d8b77d0649954277a970773e92f2ba70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5583dde209243150e271186cfd8d561c

SHA1
27b4dc9d968a215f6d5dcb6fe578cc095d768965

SHA256
1ff23f7ba5c6b2e2c95c7233a4ab8d265d7386a5e1dc69f57a862e700b65dbb4

SHA512
a8289f73664ff05ebc9c18e54537129503c46e8625686538211e9a7dd6d6141021f484e61d04caccfb46aa7d8fe1df494bcba4c45c7582c2c8163b405ba4f765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b7c7.TMP

Filesize
370B

MD5
ee5ddc961dec5ab09fa5ee3d3e3939e6

SHA1
deab2c5baebe0cad599cfac95586808d0eef1c9f

SHA256
7f0216e91b48dc88d9db5dfa629f958c48506429b1a2e3edfce6f6fd1640fc27

SHA512
93fd30bb1154b5f025245ad124cf421ee238d44468d20760945fbd77ed0505b88fa472079e786a7754fef42272ea8170c6be55fa08d617b2266f2f082cec6eab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d8ce40ea479f26987f83a991b80edb87

SHA1
b5988974b14d487ef4c1870486e611be80292b83

SHA256
a2bd243c252477a7281539ac10a72b630d67148b7af9762ce489ebd6ad251612

SHA512
40bdee30e1ded6dc37c0c747da21960f67833e02acb65f67772f3b2edb93087c8442b1a7f2b5c5f313ce782db021caf3a0b7198229bb2099dffc22dea39e631d

Download Submit