5472c5321d673298ad2e21b7bf77f5888ea230ed45e3060502d04378215c5903

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 20:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b50872ba07e1edd49b753d708dd49923_JaffaCakes118.html
Size

33KB
MD5

b50872ba07e1edd49b753d708dd49923
SHA1

8d96d3e6a121410a74fed6f28514e5cb9373e5fb
SHA256

5472c5321d673298ad2e21b7bf77f5888ea230ed45e3060502d04378215c5903
SHA512

2dfe46f9b80b9c9e0618559e63f0252c80bd097da5340b9fdde903657ab76d6e2a5b472216e5535ea58b7f1b6d7b42d2b4aed70132cc22a3a57c54ddae00ec9a
SSDEEP

768:itZRsV2+6+kPENb1JZYDN4n+Gy1Jlk39pa:sZRsV2+6+k8F1JyN4nBja

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3220	msedge.exe
3220	msedge.exe
2184	msedge.exe
2184	msedge.exe
4824	identity_helper.exe
4824	identity_helper.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 1644	2184	msedge.exe	81
PID 2184 wrote to memory of 1644	2184	msedge.exe	81
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 812	2184	msedge.exe	82
PID 2184 wrote to memory of 3220	2184	msedge.exe	83
PID 2184 wrote to memory of 3220	2184	msedge.exe	83
PID 2184 wrote to memory of 220	2184	msedge.exe	84
PID 2184 wrote to memory of 220	2184	msedge.exe	84
PID 2184 wrote to memory of 220	2184	msedge.exe	84
PID 2184 wrote to memory of 220	2184	msedge.exe	84
PID 2184 wrote to memory of 220	2184	msedge.exe	84
PID 2184 wrote to memory of 220	2184	msedge.exe	84
PID 2184 wrote to memory of 220	2184	msedge.exe	84
PID 2184 wrote to memory of 220	2184	msedge.exe	84
PID 2184 wrote to memory of 220	2184	msedge.exe	84
PID 2184 wrote to memory of 220	2184	msedge.exe	84
PID 2184 wrote to memory of 220	2184	msedge.exe	84
PID 2184 wrote to memory of 220	2184	msedge.exe	84
PID 2184 wrote to memory of 220	2184	msedge.exe	84
PID 2184 wrote to memory of 220	2184	msedge.exe	84
PID 2184 wrote to memory of 220	2184	msedge.exe	84
PID 2184 wrote to memory of 220	2184	msedge.exe	84
PID 2184 wrote to memory of 220	2184	msedge.exe	84
PID 2184 wrote to memory of 220	2184	msedge.exe	84
PID 2184 wrote to memory of 220	2184	msedge.exe	84
PID 2184 wrote to memory of 220	2184	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b50872ba07e1edd49b753d708dd49923_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb4be046f8,0x7ffb4be04708,0x7ffb4be04718
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,15331707401474868849,8258776123586765028,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,15331707401474868849,8258776123586765028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,15331707401474868849,8258776123586765028,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3052 /prefetch:8
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,15331707401474868849,8258776123586765028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,15331707401474868849,8258776123586765028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,15331707401474868849,8258776123586765028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,15331707401474868849,8258776123586765028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1932 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,15331707401474868849,8258776123586765028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,15331707401474868849,8258776123586765028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6876 /prefetch:8
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,15331707401474868849,8258776123586765028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6876 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,15331707401474868849,8258776123586765028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,15331707401474868849,8258776123586765028,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,15331707401474868849,8258776123586765028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,15331707401474868849,8258776123586765028,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,15331707401474868849,8258776123586765028,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7024 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9d52c899-1870-4f86-b616-34ef957bb502.tmp

Filesize
8KB

MD5
6b9e6d4edb69d5804ce0c1f4c3606977

SHA1
51543881e1d69226b37c0a94376a64390317e089

SHA256
fdb643f6ad1892bed96fc7561fbe25a25c79c0bd78d6e0bbe6bcd3f6a7f57939

SHA512
752274d0f7d699efcbdc3846bb78d0e942fef31c8460c33dcec8fce09fa42a6e3c750e87dd7f53686b915092df7f09d455eaa2b70825a892f1c4fb7fb847bb77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
f351426dd69c4e6e36b3f0de5b9c0df0

SHA1
7d39fd4bb9690a8a9d70a9ed1fec748b277c516b

SHA256
f063f3a7a52691806f4c18d0ef65720fa16ae6c35d0285edf9b4ee74cd366d8d

SHA512
5acb2c5f5d1f36322fa7d3098bd86f3f2fc5a0ef136b57af16c53f65bd2a310fab728d5906ba146623a333797dfb3477d366330116ecb36147db6bb94ec2f5a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
89a9346b9b68aa24965ffb8c0875f745

SHA1
ac8302b44a40ff6f977d0792c5f7cf99cd5d2393

SHA256
45ad2606aa8f77c5d9986474db50db437acab9610dcc431300a0e83781e5ebee

SHA512
6874864491bf5da25c4c96e312c58b311cf8a0c6b0c51d3368ff051a9fd3fc798e232067abb35afabc681a7386034c17e1c7abb5d57408c719dd356229445693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
161b8a841ce3e8face2a76e9aa619647

SHA1
fad02dbe2cfddf40c92de2db50849670b906c392

SHA256
36a98c463126930b247e2a88b56215b30f3be9c9e8fcffb89693f6a6a34ab10b

SHA512
403987492d63f0c47eb7b834895b4c48ab530cee6e0ea6af7cdccbc2cab1de77b2ad9c38765b5f7e37ee69e762e729830bca1deb0ced44f67189e84cac09be4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
74168a1c1ead08c3a776b12d4daa0064

SHA1
0313da3d863857f5e06e659de95e1d7d4bf702ef

SHA256
a8de86cc08bcc90de67895c6ca6623e3bfefcb59e201b3cf84c229c871258f4b

SHA512
5edf68eaa8bcc8b3be9b4a883e0f6a1d41c06204b1d83a9a1dfc858c1ee6ee00863a3cb6d32f1f37cf761fc47d06991583fe7be842c5686a25efe23aee59dd30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d341b10c7f627ba26672c2fb2f62928d

SHA1
91bf6e40a67f71c759449f7095ead6efb39f261a

SHA256
f80f5cebb5db6ef6b5995f60bfaf491e845506ad5ce331382c6aff4f1fc4ef77

SHA512
7ec5a2cf5e5a2dcd2d15697bf32346d547230d8b046315bc0e647a48aea5205108eb48dfd233f7547adeebbf3db61a6498c7f1e11bd70b646eca5d5ace41c3ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
704c14b9a31b6ba972d792b863923f22

SHA1
ba59f7ea2ca7d1350ad15a937d6cdf31657707fd

SHA256
2d4f8a8aad33a55471c99230abc668891118ea11bb7e67eade3343dc15b3e6d8

SHA512
f418cd9fefb00553a58bff8a68b51daeaf6d3c091f22471d546c66b303648f64a46d71157fae38318041486f5b7cd3d161f611512d189e5f853173e48e6f1267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2e26cef53b890815adc4cf9acd2ee75e

SHA1
38d95b5e232a38aec9c52d95944b23db85b0b90b

SHA256
96b1a3b98fea84684fa0c8ff645a0aca03f96000b8a4566bb03130db2a8484cf

SHA512
7d91bd88826d2d2e4d84a17a162885ad1f1d8b91d8e08769fce1ef184fb3b0454bfd734184a5c3bb56e6304b6224acf8f086ec9dba954042368690a56587ff74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580693.TMP

Filesize
1KB

MD5
9c9f5bef36a478a160d3ce50253b57a5

SHA1
2cfb3a9d78c4808231210aa308eeaefc100056ee

SHA256
946b14c45fa3f8b26dfdd3af74ade5ac9459fbf8a975a7dbce8e08c596d21eb6

SHA512
18d42dba3de74519a13527f1e8cc8f7a05c992ffbff32aeb55828e8277b743d946671f7a147de827c9b8e0d66dc18a3a3461e72ecb5e78146caf10d36303b9a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f0d479ac-f009-4e75-a0ee-86bd42cc96b6.tmp

Filesize
6KB

MD5
c1a515233c7bcbdb6d5b226b21db08d8

SHA1
e43a30480453292e1e0cdca01a037e1f69da538f

SHA256
69968cdf9b0fdc22840ecf58874dd79e908836ff154c79ebd0247da69fef7c7b

SHA512
c423db25b338718a4fdd59b7c75e0485295f07d030b18b68112849623b611c36e95a813cdc0334dc172b65aed9a7d68f44beb4352e9f6c8b5ffec95d17fd06e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3a39b638404147377289a28f5f89eb27

SHA1
9da6563da9d6e676dc679d304dbf2323f2c49351

SHA256
9f79fb6afe555fc31125bbd16368144fe0588d414b4e3534318945f353ee99f7

SHA512
f3b4e2a8b49e1771604be398a45c150701d8ea498ae5f1ebe1a2407d79675d63ea278561d84ab996d5bc6cc0d0e41bdf2e373106f4a44db81f9ec49f1bc7e159

Download Submit