9bbba29cfe54b064bcc442863581c1ca1a17ff8b2fd514c9073088a7cdcf1558

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 12:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

417d7700ffc5003b10e53adb7f48545e_JaffaCakes118.html
Size

46KB
MD5

417d7700ffc5003b10e53adb7f48545e
SHA1

5b659984df7ca16d3a83e47f34cbdbaf3bfea6ea
SHA256

9bbba29cfe54b064bcc442863581c1ca1a17ff8b2fd514c9073088a7cdcf1558
SHA512

460fb3289f7396d5c6c318baa9dc75da0dd7c1f4690b83f242ac7aa78f036ef1578dafc1a3b25696cdff0412ab8fa2264902f0d219be1b63d301dbe99a7f3865
SSDEEP

768:ShRhe6GK7+8d+lOqd4eWpmv4VjZjRpVCSMERTGyijKU:S7o6GK7+8xqYZDVCSMERTGyijKU

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2028	msedge.exe
2028	msedge.exe
1768	msedge.exe
1768	msedge.exe
4900	identity_helper.exe
4900	identity_helper.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 4456	1768	msedge.exe	82
PID 1768 wrote to memory of 4456	1768	msedge.exe	82
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 4324	1768	msedge.exe	83
PID 1768 wrote to memory of 2028	1768	msedge.exe	84
PID 1768 wrote to memory of 2028	1768	msedge.exe	84
PID 1768 wrote to memory of 3500	1768	msedge.exe	85
PID 1768 wrote to memory of 3500	1768	msedge.exe	85
PID 1768 wrote to memory of 3500	1768	msedge.exe	85
PID 1768 wrote to memory of 3500	1768	msedge.exe	85
PID 1768 wrote to memory of 3500	1768	msedge.exe	85
PID 1768 wrote to memory of 3500	1768	msedge.exe	85
PID 1768 wrote to memory of 3500	1768	msedge.exe	85
PID 1768 wrote to memory of 3500	1768	msedge.exe	85
PID 1768 wrote to memory of 3500	1768	msedge.exe	85
PID 1768 wrote to memory of 3500	1768	msedge.exe	85
PID 1768 wrote to memory of 3500	1768	msedge.exe	85
PID 1768 wrote to memory of 3500	1768	msedge.exe	85
PID 1768 wrote to memory of 3500	1768	msedge.exe	85
PID 1768 wrote to memory of 3500	1768	msedge.exe	85
PID 1768 wrote to memory of 3500	1768	msedge.exe	85
PID 1768 wrote to memory of 3500	1768	msedge.exe	85
PID 1768 wrote to memory of 3500	1768	msedge.exe	85
PID 1768 wrote to memory of 3500	1768	msedge.exe	85
PID 1768 wrote to memory of 3500	1768	msedge.exe	85
PID 1768 wrote to memory of 3500	1768	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\417d7700ffc5003b10e53adb7f48545e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6da846f8,0x7ffa6da84708,0x7ffa6da84718
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,2600872405924329392,5968438955519793086,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,2600872405924329392,5968438955519793086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,2600872405924329392,5968438955519793086,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2600872405924329392,5968438955519793086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2600872405924329392,5968438955519793086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2600872405924329392,5968438955519793086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2600872405924329392,5968438955519793086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2600872405924329392,5968438955519793086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2600872405924329392,5968438955519793086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,2600872405924329392,5968438955519793086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6952 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,2600872405924329392,5968438955519793086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2600872405924329392,5968438955519793086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2600872405924329392,5968438955519793086,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2600872405924329392,5968438955519793086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2600872405924329392,5968438955519793086,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,2600872405924329392,5968438955519793086,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
97ca8b3796374f1c2b2923c28eaa64bc

SHA1
d79f41106f02848e1d3b4725a81ba74153470149

SHA256
3b2e6fc97e0cba76e227417d0179abde57dc2b28430b602425e71f7069b385c6

SHA512
658d25f897a3a819629ec8687d749b98496af12eedc3608582751d5f55027c672d3507832ecfc1875279678ba5c77cd93b58b53f14e1ce92c56d1398350bbef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
f593494d7331b5505b7fb6a614be46ea

SHA1
5ce2834128afe148619d8812eb5f8731127ae0a2

SHA256
1e8386a8ef9607d0f6693a8cc49468068b1427fb62ef1961ae283ad615f36fc7

SHA512
731fca36ab310e463f80b773bd4d80a39950d0e07a9a68b9835e483a95bc534f73bb0e8ccdb5fe3bf7e18ad6ed64b400c3aa70ecbed30a49192157baa439c415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
b2bdd72dad618cc5e97779852c72c1a0

SHA1
68cf8369f7e68872be36812378f65e22fe4aebc1

SHA256
9e42c062f44fbd7b3071246cace8fac76b680d93c627e1729194381b0f990df1

SHA512
973bfb2628c5c8c6dc833a6b404f940811198bd4a3554b8ce9ea07ad63f415be80092dd4e52a1582dea9e90a18ef41c80d314999c85c427151b906a63bebfbdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
28464eb6d55b0df547310050146263cd

SHA1
2e4607c96ef72b7e0df63faff3d51829612bd53c

SHA256
8836c97dbe0c4af78338a5809ecafe13aa5f0a6994e8d0987684515c22feae2e

SHA512
a5a9b708c68ab85e22f1088757b9c9e528f6b9ff9fee6fcdd1bbd5aa3ece87b6caec3d5a3d5f2b988b4578721ae2928f8820ebccf23bc9ec37a8734c951b3cad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6998836642b3a8c03330bafa9aeb3b72

SHA1
99a01a8581c44db9ae52f171fb085360693401ba

SHA256
df040befacd32c3aeb628de1fc100775485fac791d0d110675c0bc1cba652ba3

SHA512
1da6359c3252f31faff632ccaf92db546d656ce3e82084403bbcc4c571518ad4bf624b0313258e21aa3a7490d18091cb333f7a0152871a14f7ef7424788ca1fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2af2d5cd9c1d4334aa189984594839c6

SHA1
fd4b95e182c8dcaf10d662263565cd5b64fb3551

SHA256
68078148a8a74ad825ad7a038cafff674635e816900e703d99ed99da0b86d50d

SHA512
ec95837e2fdb17fa393bc018d7df910396faf2151ecb14f3aba11eef6a76abf8daad507f8ceefd1975e22fd563e9ae6efbd6b005a722a91526f8c06f21b373a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cdbe9318ed1368e3e6e0ed1e56ea3e26

SHA1
526ed3da225f0ec86e84974b6a9c30ef7edd51d3

SHA256
dd1dc86fe5f53e701da104823f9a7c0964e9ac72e89d7cb544932d9eed822ed3

SHA512
e329f03f73ba5b6b81ae280de87cd502cb7f70cb7458cefceb1927f6deb8c860fadc7c12249fbb2d5de63f579bb93d59ada504eba2d30ae494bd8e74b5ac0c4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
01ee84616d6623783c9263a12721a141

SHA1
f7dc75a7db46e386c408979e647a2ae4ed91f42d

SHA256
bd0051c407d374f68344bd33c710decf1eb3250daf6fa07cc48cc1f8db5b0b19

SHA512
d245afb960ff7e725cc4a88ce933f3224735e7bd1ea9f56ab33099fa9ae631f5a7eb171c3c604d7ee76a04afe1524ad14ec3a2bd9822e4e31182ad1427163839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d7bd.TMP

Filesize
873B

MD5
f1dc230d9c19a34f67b765e24c9e94a3

SHA1
7330ad9130a151938be3d2557749601f2f446e30

SHA256
ce4f2c6be27b3a33b9b41901238313f96577903d856d3dffbed41cabe8553df2

SHA512
8953f8fbb02a0c0207240ba6b418e1508f24ed7c77cd814651b61de3317d6bd85a8c1d53dcc3940b10b41046956c57193874b3ae7be6703488d9989a5c6651fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5f3cb0658a23a858e6b41c84161ccfa2

SHA1
8a2c0551125743650af0208461df33bbd1f3ebef

SHA256
ac822f88832e40eb0fa09db8df8b08f543de88bf32d04d7df00954dc408a827b

SHA512
00bf54ec3de14dbbf000ffd8991f87a7f1227a4baa203cff3e5f8082a8d3e2d94352c317d9cfec98130ebbe8be16265321d17e9da27e07a4fa3144b45da70145

Download Submit