17b7d477558de217fd93b5ae28d888b256e00b5fd9a5bf794514fc2341d3a177

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 21:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3eedbacd7ec92e3c876abab20d26af17_JaffaCakes118.html
Size

38KB
MD5

3eedbacd7ec92e3c876abab20d26af17
SHA1

07c8f9ea267feaba23bd4a600436afd0c38de672
SHA256

17b7d477558de217fd93b5ae28d888b256e00b5fd9a5bf794514fc2341d3a177
SHA512

fefaa1cd87b812d01f7435ccefd372e09029a458ca4bccc30bf6c3fa39d9ce5f991245c19041fbd91b85e1698d7c26808f7f6a644de7f283a406f971b49bddc9
SSDEEP

768:Zcd9QZBC7mOdMQ8pC5I9nC4OHFL0wBwowObtzPd:gQZBCCOdQ0IxCfHFL0wBwowatzPd

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
852	msedge.exe
852	msedge.exe
4800	msedge.exe
4800	msedge.exe
2840	identity_helper.exe
2840	identity_helper.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4800 wrote to memory of 4208	4800	msedge.exe	85
PID 4800 wrote to memory of 4208	4800	msedge.exe	85
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 692	4800	msedge.exe	86
PID 4800 wrote to memory of 852	4800	msedge.exe	87
PID 4800 wrote to memory of 852	4800	msedge.exe	87
PID 4800 wrote to memory of 1432	4800	msedge.exe	88
PID 4800 wrote to memory of 1432	4800	msedge.exe	88
PID 4800 wrote to memory of 1432	4800	msedge.exe	88
PID 4800 wrote to memory of 1432	4800	msedge.exe	88
PID 4800 wrote to memory of 1432	4800	msedge.exe	88
PID 4800 wrote to memory of 1432	4800	msedge.exe	88
PID 4800 wrote to memory of 1432	4800	msedge.exe	88
PID 4800 wrote to memory of 1432	4800	msedge.exe	88
PID 4800 wrote to memory of 1432	4800	msedge.exe	88
PID 4800 wrote to memory of 1432	4800	msedge.exe	88
PID 4800 wrote to memory of 1432	4800	msedge.exe	88
PID 4800 wrote to memory of 1432	4800	msedge.exe	88
PID 4800 wrote to memory of 1432	4800	msedge.exe	88
PID 4800 wrote to memory of 1432	4800	msedge.exe	88
PID 4800 wrote to memory of 1432	4800	msedge.exe	88
PID 4800 wrote to memory of 1432	4800	msedge.exe	88
PID 4800 wrote to memory of 1432	4800	msedge.exe	88
PID 4800 wrote to memory of 1432	4800	msedge.exe	88
PID 4800 wrote to memory of 1432	4800	msedge.exe	88
PID 4800 wrote to memory of 1432	4800	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3eedbacd7ec92e3c876abab20d26af17_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaac3346f8,0x7ffaac334708,0x7ffaac334718
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,17880893657559707366,15475352902238473969,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,17880893657559707366,15475352902238473969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,17880893657559707366,15475352902238473969,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17880893657559707366,15475352902238473969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17880893657559707366,15475352902238473969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17880893657559707366,15475352902238473969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17880893657559707366,15475352902238473969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17880893657559707366,15475352902238473969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,17880893657559707366,15475352902238473969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6584 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,17880893657559707366,15475352902238473969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6584 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17880893657559707366,15475352902238473969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17880893657559707366,15475352902238473969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17880893657559707366,15475352902238473969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17880893657559707366,15475352902238473969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,17880893657559707366,15475352902238473969,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2704 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
cd41d04b45a4ab922400758f7aa1c05a

SHA1
efe9ec0cff99008d849946e7c03917ba2fb4b555

SHA256
c79d6c1ec61a66fdfbf3aafa9e9f1ccf994d12d0cf9038e1f4571dc8e726ac09

SHA512
044fe52b823f6bcc4ab77824eaaac10f147c50ffa27a4bb051ea83595a45eccc83273e5f03be3e9ab4edd4547a7ec811a92a9aea6733509b55d02f0a73942033

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
73dfb3aa08dae00b6dc77278fbaf609c

SHA1
2f973d128191e754ab3498421b00af2d0c832c80

SHA256
84c60b72aed8e197d8f2c03f304b613f6d683e18a6b90daf736728e910b3580f

SHA512
6e72858556210a72cd42f085e85364665a659094b6eb19d0bd929aee731ac287619732be68249cae008a8dfdef88df5bde9e51f543c908e48527ee4ee0c0ddef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
84699255b6dbb035a3f0e0ca4e3bb1f6

SHA1
d0390012c8500dc222a3f6a9ac1e7c56ca4b35d9

SHA256
46b071a602b189193a3340a59d6669a96c02a7082ba269fc7536cca2bc44d5e1

SHA512
28c89b72f176b748d4fb2bca25a7d43c2c2335f8c7be01b3ca77888279ca6fbd95d5a98461f347aa741617acbae6c1afd31edcf373655ef92221835ea0952e76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e2a42e2795c50957af5d57311c310e79

SHA1
ff8446427ccc88d63f11c90f34bcc6d3ef159075

SHA256
e70a9598cbc72e401acc5bc35a7a9ba0c187cdd0b20b9d2a7867e860733822dd

SHA512
4d927a09c97859db1f17a6850967e7aafc583e239809f23d0181d2fa188d76feeca0089646a42f8ec329cf8ffac07af3bdb7eb6db920ca3b998489fa1f6dd9b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
d3aa928408ffc41852a5c8e55ff385fa

SHA1
381c03b691dba1373e2ca243bde3fdcbed063613

SHA256
a165cbb88e102bd8d80a3aa7fb8e89825295cb092518a93d5bbc7bdfd57f274b

SHA512
c8301a0dbaf7c3293f0e4ec14e4bc2298e216c0545325bbd679df414e34e112b06788a7d270ccbcd9b94ea476b03cb76356d565106b4500a04e675f6c52ef9b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bd06.TMP

Filesize
370B

MD5
c52a7ba94a3690a1d10d721b2317b61f

SHA1
0d09751f25cb943b89a5802f1252d4dc87194548

SHA256
41c550be68f6da3284beff04dc62d017b15226919f32cfb1ce7110b401539b30

SHA512
bae5551772cefbc40a4bca283376044dc8eee3c45029c7581bc439ebc6fb45d8e4b04d146ede7275e5670c1da9baa492fc506652f463c03d41b468760e125947

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
89dd3957dbae5febc557b67e36e4ac77

SHA1
fd6ef74426f406540111b8f0a9f8a31a0ce9b187

SHA256
4a9d0689253623e0b3c74028b33983dc68a1f20eb8d4138af0bb69562a2e7e06

SHA512
a5ddaa97223588e7ee67888e390571ea5ede0689d78dd92e7cd6695e238fa364fb490c88ea99d04cc91699ee8c8fd540ba31a2b5840e3ab2ce75af4f67571caa

Download Submit