087423f0e692b0ee19faa4f061002bd3e091cbec3f27a5e79e3c95fa6efd23ca

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 13:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6763cf9320afb11303592115a3bf8d0c_JaffaCakes118.html
Size

29KB
MD5

6763cf9320afb11303592115a3bf8d0c
SHA1

ecf906f3a0037e830ec6f699a73fb2108102ec62
SHA256

087423f0e692b0ee19faa4f061002bd3e091cbec3f27a5e79e3c95fa6efd23ca
SHA512

568ff84b10799943d326711806a0bed1f23e1500877c2f01a22492ec4c8c176b74c884c24bf291c345bbc639e2472d4251b60053c702d8e6f8a49b4be5adfa66
SSDEEP

768:8mvXvV6qDVO7Vdnujx9JKo7zFuMJYoOmjWDupIH+Y/KqT:8mvXvVlDVO7Vdnujx9Yo7zFuMJFOmjWl

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3936	msedge.exe
3936	msedge.exe
1220	msedge.exe
1220	msedge.exe
2936	identity_helper.exe
2936	identity_helper.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 1924	1220	msedge.exe	83
PID 1220 wrote to memory of 1924	1220	msedge.exe	83
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 424	1220	msedge.exe	84
PID 1220 wrote to memory of 3936	1220	msedge.exe	85
PID 1220 wrote to memory of 3936	1220	msedge.exe	85
PID 1220 wrote to memory of 664	1220	msedge.exe	86
PID 1220 wrote to memory of 664	1220	msedge.exe	86
PID 1220 wrote to memory of 664	1220	msedge.exe	86
PID 1220 wrote to memory of 664	1220	msedge.exe	86
PID 1220 wrote to memory of 664	1220	msedge.exe	86
PID 1220 wrote to memory of 664	1220	msedge.exe	86
PID 1220 wrote to memory of 664	1220	msedge.exe	86
PID 1220 wrote to memory of 664	1220	msedge.exe	86
PID 1220 wrote to memory of 664	1220	msedge.exe	86
PID 1220 wrote to memory of 664	1220	msedge.exe	86
PID 1220 wrote to memory of 664	1220	msedge.exe	86
PID 1220 wrote to memory of 664	1220	msedge.exe	86
PID 1220 wrote to memory of 664	1220	msedge.exe	86
PID 1220 wrote to memory of 664	1220	msedge.exe	86
PID 1220 wrote to memory of 664	1220	msedge.exe	86
PID 1220 wrote to memory of 664	1220	msedge.exe	86
PID 1220 wrote to memory of 664	1220	msedge.exe	86
PID 1220 wrote to memory of 664	1220	msedge.exe	86
PID 1220 wrote to memory of 664	1220	msedge.exe	86
PID 1220 wrote to memory of 664	1220	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6763cf9320afb11303592115a3bf8d0c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa82fd46f8,0x7ffa82fd4708,0x7ffa82fd4718
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,2431310721672656639,7812465976585963114,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,2431310721672656639,7812465976585963114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,2431310721672656639,7812465976585963114,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,2431310721672656639,7812465976585963114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,2431310721672656639,7812465976585963114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,2431310721672656639,7812465976585963114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,2431310721672656639,7812465976585963114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1304 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,2431310721672656639,7812465976585963114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,2431310721672656639,7812465976585963114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,2431310721672656639,7812465976585963114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,2431310721672656639,7812465976585963114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,2431310721672656639,7812465976585963114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,2431310721672656639,7812465976585963114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2060 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,2431310721672656639,7812465976585963114,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2448 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6286c999-d5f1-4bd4-8165-79ef16c012bc.tmp

Filesize
5KB

MD5
2073e56a3e7eddedd89e6677b77f9fc2

SHA1
d31bf5f5840740d51e5eb89af1b823329ea14fad

SHA256
70bc37ecd35c91918b0b1bf6fac2a972db18a6da0a23c067b14d895b14f1dc4f

SHA512
0fb0698fd563bc7637769ffe1188b186a30cec6ef47315d843fe4156c18ad094fd7900057d484454e19939439a05e1cb9a6f4b6a97b78a261921067c642741bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
75f1a8ed6170c9268c2d2cd63e03f8a9

SHA1
bb1252548f6977b7f526a01ed6b4f46bf61c0e9a

SHA256
3f79e1da61c6e69f51117a659fd914326d6d0d5ecb9fc1da472c7db5268f261f

SHA512
f286257afc581420f27dc005c2a8be2696247606f2c885a73d62e6e96820e4f0da164fe500d424080f65fb8462cb79ed559c56429ce42bdecb007e96abd10518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6347fa0e889988a94ed3f86544bf1c6c

SHA1
529b4ac173c9a80c9c8eae9ce536155b17c9dc3e

SHA256
29862b48abfed985cb38c2927c37bff44894b8c48f87be8e54db7bebff236a90

SHA512
79ea82e2503ad5c8f99bb62331f6db0e413621cb4a50cd64a6d794cc8552d186d41ad815a547ae1beb9329fd9f7760cba1f9622b3f6295e2803c08ada7d0efa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64eeda9f73148715e6873c0cdcd2fb5e

SHA1
8c0ffcabb5840cec9f67061f4a090d7318c9a17a

SHA256
e8c27bbeda5c6400180ebbd44becbf2615ec76c144b4fc8892da6dc435c7323a

SHA512
6f432228044f41e2a4171c75ebd8e2584ed9c5104dc87de3474f10264dc4b6f7b44760334eff3d68edc0852a75b5570d47682c600bc55eec1cd0026dca71d161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c99042a4cbfb2971bf3a8caef851dba0

SHA1
afaa5e720353b7676998a7ff10f635dc76ff0694

SHA256
86d4dd617be36b2841efb82f33fd57d6b31360a406d6a3886db38d0883dacbf2

SHA512
9037f37e08b411bbee762cdb0a76270aa8cd6e25b3693abb0951eeb8d6a1221ea41b0cd285820d388db65b169e85ec60c765cd2631ee79321320d3a06420a691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9071eb7c7804903a09f92e8746c8217e

SHA1
9396dc70216641c5e1acd5c3270c398a71cffaa3

SHA256
c05cf877127455185f70469903858c35e16c93f10f1ec33fef2f71603765ad22

SHA512
41b71b1e40c5766cc14b1aabe8c04987faf9b790b40c9d7b7e3606bc5f53f2d574856b9592c4421bfb262c797b304ea861e4067b6f44259de0ad4d02cfdf3231

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b2d5.TMP

Filesize
707B

MD5
c29b40bfd739484af849eb57f8744c09

SHA1
8f5a4230a5db225abfa05aa2e547f2859e824a30

SHA256
f5ece8ef5f3505b492350b092bad8cdd751bd3b73062c24bfe5b23dceb82743b

SHA512
0ebb14651da7eac364b18f7e01b531db1eb08eaed2482614a161122913ef06afa7d1044dbd884efe0b1b5e4225e29bef24477a06d35ab17a7ce73fc6237a1343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
66be2b11b20b0b66c272479da7eed75c

SHA1
454bcac2b3bb75ab1a30688faa26c3e8d8fe6467

SHA256
c45e3c845c6b816ac8172cedc4deb253e5e4507bcfed5f894a8166cff49c334d

SHA512
d31634fa8938d41b9a9dafc8987230aa0f0e21b54595e801de2fd24e2b45f16e0500fdce8104eab592fdbb9f04a52071c17ca856caa36786eaa9108521ca194f

Download Submit