e486e3391d315e131221321db82976f586f57b7c3a944354ca686d48c65bd104

Analysis

max time kernel
138s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 09:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a73863253e596472491a397fcc81427_JaffaCakes118.html
Size

59KB
MD5

6a73863253e596472491a397fcc81427
SHA1

215cdff0c35e244abb3616474eaacb9ab69f4c55
SHA256

e486e3391d315e131221321db82976f586f57b7c3a944354ca686d48c65bd104
SHA512

4a88436ba0a21962035479ebe73f3c2db9dbc9a85219a50bf3fe2a417c408f372624d486769916a3dd2560c486d118f2e2cd8a8c089dce94a1a4454a4e4bf66c
SSDEEP

1536:Ue9jF0IR4mDjIloy4+C/LVdUJIMNr5OQq:UQjF0IR4mDbLVqI/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1208	msedge.exe
1208	msedge.exe
3096	msedge.exe
3096	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
3432	identity_helper.exe
3432	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3096 wrote to memory of 3452	3096	msedge.exe	83
PID 3096 wrote to memory of 3452	3096	msedge.exe	83
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1256	3096	msedge.exe	84
PID 3096 wrote to memory of 1208	3096	msedge.exe	85
PID 3096 wrote to memory of 1208	3096	msedge.exe	85
PID 3096 wrote to memory of 2864	3096	msedge.exe	86
PID 3096 wrote to memory of 2864	3096	msedge.exe	86
PID 3096 wrote to memory of 2864	3096	msedge.exe	86
PID 3096 wrote to memory of 2864	3096	msedge.exe	86
PID 3096 wrote to memory of 2864	3096	msedge.exe	86
PID 3096 wrote to memory of 2864	3096	msedge.exe	86
PID 3096 wrote to memory of 2864	3096	msedge.exe	86
PID 3096 wrote to memory of 2864	3096	msedge.exe	86
PID 3096 wrote to memory of 2864	3096	msedge.exe	86
PID 3096 wrote to memory of 2864	3096	msedge.exe	86
PID 3096 wrote to memory of 2864	3096	msedge.exe	86
PID 3096 wrote to memory of 2864	3096	msedge.exe	86
PID 3096 wrote to memory of 2864	3096	msedge.exe	86
PID 3096 wrote to memory of 2864	3096	msedge.exe	86
PID 3096 wrote to memory of 2864	3096	msedge.exe	86
PID 3096 wrote to memory of 2864	3096	msedge.exe	86
PID 3096 wrote to memory of 2864	3096	msedge.exe	86
PID 3096 wrote to memory of 2864	3096	msedge.exe	86
PID 3096 wrote to memory of 2864	3096	msedge.exe	86
PID 3096 wrote to memory of 2864	3096	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6a73863253e596472491a397fcc81427_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa82fd46f8,0x7ffa82fd4708,0x7ffa82fd4718
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,17522140337575816896,1904323647314033433,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,17522140337575816896,1904323647314033433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,17522140337575816896,1904323647314033433,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,17522140337575816896,1904323647314033433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,17522140337575816896,1904323647314033433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,17522140337575816896,1904323647314033433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,17522140337575816896,1904323647314033433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,17522140337575816896,1904323647314033433,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1368 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,17522140337575816896,1904323647314033433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,17522140337575816896,1904323647314033433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,17522140337575816896,1904323647314033433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,17522140337575816896,1904323647314033433,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,17522140337575816896,1904323647314033433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,17522140337575816896,1904323647314033433,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:4696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
e46cf218266e3ebbff8c361b5f6a2cb3

SHA1
f4be84f186bfe100af167211df1309a9fa3f41a4

SHA256
5ac6c0c45dd1eb49d07c0b8512b2436af036e66425807ac7e3b243a5d95ba9a0

SHA512
705b1e69c4958cffbe835303c36a29a40d5a44e958b9eb92cd2274b8031cfbb4a7a6001b5b41aa828211461b8b08f3d0dd69480d2e5ca8f25772ca0c69678e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
693910694246cce7a7000517b5773cef

SHA1
d027bd8dbdb63ab85e4b52e8248db708ce60d68c

SHA256
ed5c739ac26427c56993758a4c7000874e071de8083e0ac9760d527160c19ea4

SHA512
a0e9911ad1ea4ceedf02d67af8b1b5b9dd42da855e0755f254fe1555283f969af80ab699bb3ad0cb15d773ee5d5a147a69fc9ec1d76df52244df19aad47f1f17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1fa0fcfe02df616f85f409f22e204ae3

SHA1
814f293b748f6c9efd18ee4cdce8541741f2c774

SHA256
8af0dbd4717e700a6d5818feb4b18707bb907fa6194c6338d02b90dd12a0b279

SHA512
7eb2bce05212a22ade6142d5f43bff43d8cba0c46e88aa91a769c69090f781da28b73f8c13586eb7ce953ed64dd3e095730f32d83283373727641bc151a11101

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
828255dd60ce5888c639d546640fd5f8

SHA1
d7da196b3c342828288015efb316fce0d031df1d

SHA256
a39bd9ae422889ce347ed3a93585e421655c1d5c49df327dbd68fff898359e3c

SHA512
abd53725f30f0056c744cbeb4bc16620e30d132cf57b138aed2f92b46390e572895bdb3dcd292946e1700b0057e6859edb4fde99e354312989fe52ca4ab16f3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7a9f7c63406a52b907707ae9d24eccbf

SHA1
674569c8b964ed3406fe789471306804b1e02fb3

SHA256
7c85b59794817ec51d00065aeb6c1a61433931cd9f574e379bd37c97f60ae43d

SHA512
6548f79fb3ccb26d26c0c5dc7bca2e80bcfaccae8e19acaafae34c60d3b544bdb4a26513a55b1066e3314bf114037f96033f5d8f676e571f0aed2d411a245271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be9a9b1d34f5b3d4aee64c0c43ea86f6

SHA1
21a7092b0cdc72d16adcb9db4f608df844dc6940

SHA256
ed383e56d149aaecf42d39d9c1a690e9b6001cbc719c958ce3df693b4ae7caf4

SHA512
989d7323f6c0aa0330b972893e0602ecf2f46da97e77b26b398f06524fa4fe1bdeb4c709cc6e3cf17885dc3eecf5d54b9b0baedb7c61a7aa47c1e7ce9a55d934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
75aa5fe83fc9edbcfbe0efd20310f0b6

SHA1
e6c83be4adaca20373feb3228482284358715241

SHA256
9868cb412b8ac3c9be2b23b78d3b297347514f7292b871a39f579f63137951a8

SHA512
831b29d8504c838c63de03db2860338456a0617ebc7d90136dcec38e9494e2e7dc6d4208511a1bae2a3dbc865830fe7c214e8cc45b0c54f6962bb729e6609344

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
5bb493555cce131d27ac45c18d4bf922

SHA1
782e5411be25040448629125c7666d38e3713682

SHA256
4f89f61aecbfd19eb6fbc915354802cd604c9d17af555fec2cc561a0a9e3f42f

SHA512
a8ecfbfdd07aecaca8b2b640842bb3c965e41fee378d97bdb8c8a46792cbc88e8030cb57dd1fce3a6ef79163dcd925cf47dbe05b3111d01e7cd9635a892dc564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
929bbecee38217a61cdba79856e140a8

SHA1
8ea0017415dbb2470ffdc63fdfa51db16ade5847

SHA256
f221d8eb2fd42d3b4b1e089106ed1e1407fc0e25b7c75f2b5d56819d2f0caff7

SHA512
ad92c3fa5d09d0902e3104f90bdf03f594ecca672f8dd80aea2b8f5cbd817ef45c9a16cb5fd134a7b2f97705b742625832ae4450c414cd41fdf29fb54ee06995

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581131.TMP

Filesize
372B

MD5
8d5bdc8babb0942ddad0644fc2be962e

SHA1
bdf09721346b7886847aee4faf5d1cbaf46d1f57

SHA256
594218a2ddb59a1661890bfafc7e7e2a5fe6e44a0144b672a4e05fbb54343dcf

SHA512
2d94a0f53109e011158cf059eae1e3acd1e50706d2e57cbd43db1c42c06aa90a2d69b53c491333213208a7d87ba1bfeb47997031e9ebbf2905c71b1df27fba7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
174ca38deee69c17840c52205306a1e5

SHA1
c8e641b9d5aea12d1bd17285b9e0ef55e2da9a2a

SHA256
6062a849bfc391049972f5c23d38ef19823a70dd9535f22fe9c259f5813db947

SHA512
5a2025fa472960355f5b92d4ef506a5bd3b96eaefb6fb1bfb202e84f13c8b904092fb350ab43888ba1755c58935ce434560abf807b02cfd599ca9d812600a8e3

Download Submit