0784cb4ac612990bbb06860d55228518a63a95273740403de578cd7c12242a5b

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 21:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb382150c283104282296138ae2cac06_JaffaCakes118.html
Size

109KB
MD5

fb382150c283104282296138ae2cac06
SHA1

bcb71094a08c6acdc9d5d5628b6f339b0b341573
SHA256

0784cb4ac612990bbb06860d55228518a63a95273740403de578cd7c12242a5b
SHA512

b01f50cfecd8f9db8d213d9c2df13e7083369fede1c4a71e387d5384a23266f32b0cb436b801a5bd11be747479370e2dcfcd7b880bf0e22c333fb6f2c8f0cdf2
SSDEEP

768:g63iOOdSbN9qcocgquJOnJnT5YuKvju9GL2StQ0dFE3HXVs5:SY3uJCJT9TC5

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2288	msedge.exe
2288	msedge.exe
2840	msedge.exe
2840	msedge.exe
5240	identity_helper.exe
5240	identity_helper.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 5024	2840	msedge.exe	88
PID 2840 wrote to memory of 5024	2840	msedge.exe	88
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 1352	2840	msedge.exe	89
PID 2840 wrote to memory of 2288	2840	msedge.exe	90
PID 2840 wrote to memory of 2288	2840	msedge.exe	90
PID 2840 wrote to memory of 4180	2840	msedge.exe	91
PID 2840 wrote to memory of 4180	2840	msedge.exe	91
PID 2840 wrote to memory of 4180	2840	msedge.exe	91
PID 2840 wrote to memory of 4180	2840	msedge.exe	91
PID 2840 wrote to memory of 4180	2840	msedge.exe	91
PID 2840 wrote to memory of 4180	2840	msedge.exe	91
PID 2840 wrote to memory of 4180	2840	msedge.exe	91
PID 2840 wrote to memory of 4180	2840	msedge.exe	91
PID 2840 wrote to memory of 4180	2840	msedge.exe	91
PID 2840 wrote to memory of 4180	2840	msedge.exe	91
PID 2840 wrote to memory of 4180	2840	msedge.exe	91
PID 2840 wrote to memory of 4180	2840	msedge.exe	91
PID 2840 wrote to memory of 4180	2840	msedge.exe	91
PID 2840 wrote to memory of 4180	2840	msedge.exe	91
PID 2840 wrote to memory of 4180	2840	msedge.exe	91
PID 2840 wrote to memory of 4180	2840	msedge.exe	91
PID 2840 wrote to memory of 4180	2840	msedge.exe	91
PID 2840 wrote to memory of 4180	2840	msedge.exe	91
PID 2840 wrote to memory of 4180	2840	msedge.exe	91
PID 2840 wrote to memory of 4180	2840	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fb382150c283104282296138ae2cac06_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa92ff46f8,0x7ffa92ff4708,0x7ffa92ff4718
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12247360136816072199,18024495543083027492,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,12247360136816072199,18024495543083027492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,12247360136816072199,18024495543083027492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12247360136816072199,18024495543083027492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12247360136816072199,18024495543083027492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12247360136816072199,18024495543083027492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12247360136816072199,18024495543083027492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12247360136816072199,18024495543083027492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,12247360136816072199,18024495543083027492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,12247360136816072199,18024495543083027492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12247360136816072199,18024495543083027492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12247360136816072199,18024495543083027492,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12247360136816072199,18024495543083027492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12247360136816072199,18024495543083027492,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12247360136816072199,18024495543083027492,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e36b219dcae7d32ec82cec3245512f80

SHA1
6b2bd46e4f6628d66f7ec4b5c399b8c9115a9466

SHA256
16bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b

SHA512
fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
559ff144c30d6a7102ec298fb7c261c4

SHA1
badecb08f9a6c849ce5b30c348156b45ac9120b9

SHA256
5444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10

SHA512
3a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
22KB

MD5
5ee0252e2decbc463a6836b4644944cf

SHA1
ece04be6904d2fa53f47a5ce4441cede7e672530

SHA256
2d923fec0cef8f8685631958275c13e0228113cd9c3abaf8d78b73299b5e1908

SHA512
c242aeb360f88bd727075353e4fea4c086df02e3f6bfd8f938cebd85ebb72bfa31a46f5626b3c8a75f6d99ce616b6373f4fc6d98d538fb46059bc70423cefab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
5e3e6a3d2c39bc1c4c1ec901edac9a50

SHA1
4f56bacbfdf4cd34256eda4d1ee6f03e68a5ab59

SHA256
0702dad3fb583fb566717ac84a7a24a1318b95621bfd652d9d83046d81cb2e2f

SHA512
12f3e3b06629b0a59589376d3d78fa1f110b8b62ee854769669837e97639f09d928a06ac78dbf6a3e73cc4cf6fa7271a181e9e777fc4e29caf8535458f96524e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
756bfa19f55b21b180466b5cda52b805

SHA1
35ee812534b0c51f535a94105653cbd3b355dbef

SHA256
e3b323fb1834399fc6002e00291a7ce1865bf89eb3d7172a84ef58b20fafc2f2

SHA512
3fba832016eb2bc5c41a35e96ee4b96164a534ff6c16a45e356c05475ee8c9eb9f2693e821fc0f8e6f3c8f84c3095bf11210f66631b2ec96e1830d06d2cf25ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d4dce581bc0b6464739613ff835712e6

SHA1
1c5221be936abcc6356d7aebb51163b73230a2ce

SHA256
0c9e263550a1d8e6bda93236c3ec87620b885bee296505635b8bfd33bf93d156

SHA512
5b3f41214fa3377d0f74f1c1620d893a4a0bcf0ef1887737514bd0b45af074084168d8f55b835c9eabf743d97bb451e0d63de6c172417d6198ea959f0a0672d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2dc1f1f1bb0f8846fd4e801ace19cfa1

SHA1
3d6e2b57f19a3800e3a321de7ca5aac51b8fee9b

SHA256
57e69d51e5f73d60351ca244facb5d8b50688e3c1f1b20d32f6231dd253555e6

SHA512
03853e955e715a9205ef4de6fff98667cb890302ea86a596f80d5285203f4ae03275923e496a8b2091099c695486f79a47137b2e1d076326cf6ac6b2f0fed81c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c2ddf12b80486fdb7638dbb5afb8ba69

SHA1
c824c475d821ec236207cc26bfbf352f62dd5cb4

SHA256
a5ec54ed631d9f3250141db6f5626c4d8d774f1e06db7d414a48b89f5ffda8bb

SHA512
7912c089963b4b16cca6f928d1f91762ca60ce30915635da97c38146abd86d39778074c6da13ed03acce8483fd27e3bc47044a1a8e70ba31149085af4350dc7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
45a1e06c44fe3c1cf36fa7e5cb568904

SHA1
b1689e6373e279268348c7acebb3d5f95b3b0b37

SHA256
26e2e5e9e1505d1b57a39a377fa79c9a8c93efb674c517acd0b390adae06c14e

SHA512
2ca25f062f23f3f1cd2a120b23bbb600bf0618df635a902589fe015d11b5dcb1520b6d96de6951dab66f4e8452f7911edc17bc892a538880062f04b9065e8417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
7cd45723ea1b68659d5905637360ec7b

SHA1
2bdd603eb6b50fbbf00a2507d7943bb609ca9e65

SHA256
6749ea909d20c5f64802756685a3f0c330c44a45dd1bd799b6695fb3b06f390f

SHA512
5da06acaa9de3507a64877242076de6dd6bb2cd70d34dd333c5a7b6be4ea33fdc26d773a405fca142468ad35c7bd984037d912bd0af1343b81dd5a0ac47e0512

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
1d21f727983a30bd8278758325af9a3b

SHA1
3ae55732a2821e61934b38bdeeb903f4f2d1deab

SHA256
d3df04bbf37c04e9726c1ee8f605f03a0fbdc3358411d6e443277d09d3d68479

SHA512
04c058168e399dbe637ec8be865cdefcbdad8033f6e379ab3a6bb4f403bff872f173447eef683747630d5b540d672681073de9c236ad834d849040a838a1728c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d1c7.TMP

Filesize
370B

MD5
ad73939afb665e55c6b76062339c41e2

SHA1
cf0c82386633d8d10617ac1b5c995bcc0fddd703

SHA256
5e67041613b0d0ab78b1ae5bd72ea6b6a23ede7a1fe1287d71b938eb6feadbe4

SHA512
7bc9e44333c46dec987bc9d3c29576a51449bd559149cdae1989ea097fe54d2e5d5ac5acd059162f450dfe8c1e41a9c75fc7622d1443f5f925ad6336455f30f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e93b4067-ec44-462d-a35c-ce56d3aa7aae.tmp

Filesize
6KB

MD5
e197ba57ad8bb8cb06d4057160120267

SHA1
b9e775ead867381af2f65650c2d2db0e5a350a55

SHA256
1e58e03610647784cafb42d506979bdff8db7b2aedb4a93238ab0db986d14f55

SHA512
fd822e2b821b9a80009a29e0489a706eb33adb2a0ac5e5ee1118780800372e1ca943a2b3c911d1aadd52a381e05492d82c8fc9b68ef6f92cc883e7b00091e03e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
167d2152ddf5194cf6b5c15b21e5e666

SHA1
bd510219c5ef5d398221f18bfa9b2e640e8e3be0

SHA256
d9a3874006fce269157d027ca92e9deb0dfa119967b44aadc385de723b5072ef

SHA512
a8ee0bd0b19337986a1a74de9ee201227990d2ef63437aac392be3072d6053203a6b85ad4125ea6f8869b900b0425d15b38b801217e4d7482387d314bf0dfd04

Download Submit