a8ee88f6a2d30cce955dd4b852223f0ea755e0c24b09f0b1097e5e648da84493

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 00:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6562a23ac87a24ab9ceb266a2c7d9e3a_JaffaCakes118.html
Size

38KB
MD5

6562a23ac87a24ab9ceb266a2c7d9e3a
SHA1

45ab3db0925761ce2d1a6c7060de80592e626e0b
SHA256

a8ee88f6a2d30cce955dd4b852223f0ea755e0c24b09f0b1097e5e648da84493
SHA512

3bdb5cc78a0c1560842102237c419a524657663fb9b4535072ddb2dac62274b3d0c6c5d154b15801c51459a7a638632148aca9fda14b38642f7d3118d99a5a44
SSDEEP

768:S7Ln1dVq7P1+bpDVtK21jIRbzLhTirXj9tYv4:S7Ln1dVq7P1+bpDVtKcjI1HFiz5Gv4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3224	msedge.exe
3224	msedge.exe
1412	msedge.exe
1412	msedge.exe
3832	identity_helper.exe
3832	identity_helper.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1412 wrote to memory of 116	1412	msedge.exe	82
PID 1412 wrote to memory of 116	1412	msedge.exe	82
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 2576	1412	msedge.exe	83
PID 1412 wrote to memory of 3224	1412	msedge.exe	84
PID 1412 wrote to memory of 3224	1412	msedge.exe	84
PID 1412 wrote to memory of 3332	1412	msedge.exe	85
PID 1412 wrote to memory of 3332	1412	msedge.exe	85
PID 1412 wrote to memory of 3332	1412	msedge.exe	85
PID 1412 wrote to memory of 3332	1412	msedge.exe	85
PID 1412 wrote to memory of 3332	1412	msedge.exe	85
PID 1412 wrote to memory of 3332	1412	msedge.exe	85
PID 1412 wrote to memory of 3332	1412	msedge.exe	85
PID 1412 wrote to memory of 3332	1412	msedge.exe	85
PID 1412 wrote to memory of 3332	1412	msedge.exe	85
PID 1412 wrote to memory of 3332	1412	msedge.exe	85
PID 1412 wrote to memory of 3332	1412	msedge.exe	85
PID 1412 wrote to memory of 3332	1412	msedge.exe	85
PID 1412 wrote to memory of 3332	1412	msedge.exe	85
PID 1412 wrote to memory of 3332	1412	msedge.exe	85
PID 1412 wrote to memory of 3332	1412	msedge.exe	85
PID 1412 wrote to memory of 3332	1412	msedge.exe	85
PID 1412 wrote to memory of 3332	1412	msedge.exe	85
PID 1412 wrote to memory of 3332	1412	msedge.exe	85
PID 1412 wrote to memory of 3332	1412	msedge.exe	85
PID 1412 wrote to memory of 3332	1412	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6562a23ac87a24ab9ceb266a2c7d9e3a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f8da46f8,0x7ff8f8da4708,0x7ff8f8da4718
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,6992594426506597158,4039782441658834854,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,6992594426506597158,4039782441658834854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,6992594426506597158,4039782441658834854,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6992594426506597158,4039782441658834854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6992594426506597158,4039782441658834854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6992594426506597158,4039782441658834854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2008 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6992594426506597158,4039782441658834854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6992594426506597158,4039782441658834854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,6992594426506597158,4039782441658834854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,6992594426506597158,4039782441658834854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6992594426506597158,4039782441658834854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6992594426506597158,4039782441658834854,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6992594426506597158,4039782441658834854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6992594426506597158,4039782441658834854,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,6992594426506597158,4039782441658834854,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5364 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
0c16a8f8de0bd41b406be52947d87a4f

SHA1
3622108c6fef22bcf586e1ce69bc60bf03588aa4

SHA256
6c90df95fa7b3bbfee145ae43a452be6ff07a22982016665c6e80ca45ce1bcd1

SHA512
432890e25838541f598d72e93d05e6d83a720a6a18ef591438723fa900aeb6b5db20a82ae2b10bee6c4e57eae6322795ac86e35a6bd4388c174daae3f5547e7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
94e13a422e5e88922b2c1af628db4d21

SHA1
e81b581179d0644a6461f731e2691ba193c3638e

SHA256
97e9dfbc336b38b449a55c032d0fa0200a5931a21927aca7acce71d5fda7f306

SHA512
893ac75b4f804696228b6960c55f95519926e58b8de674f3efdf21aaccc7c9e3ef6f6f2c7f9336810506a55907f8f0f701d4d696caa21afb5b01200142417ffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
59cb68ddc943efc7d24e5e3e95cab8f7

SHA1
c9a1eeba3778ec97b3ab5069a776770fb7184c3e

SHA256
d2d0a1bccd10aabaea7fe04cb10943d07d19d0b09b3c026b81f9406cc79df5dd

SHA512
a99e86fa6d9e6bb8987352569ab57fd1953a2342a8430cbedcdc2d68e2b372e8964db00e748e212a66a0705a98a25175a4261dac2704c3e9ccfbb049926045c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5b1a9fc36d85e157043379be084350b1

SHA1
350c4ae5bc4c0af76d0de81f2695804f805e4d45

SHA256
e48f8a15e7784dd9d066cf0f73a0a19ee0ea541a1a6f53c34dfdd789d6cff19f

SHA512
f587a5c0dd4d8ed192774b8c16a8b628aefb08f3cdab4e755d96720b2ed0db4df9adf72d357e4950723f03441019517dd1cf3d28c7eaa755f7c4f57e5e5937ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
70c32d8eed5ba7254e07e78b8c254556

SHA1
28f2534120723a0541f11c8ac53b1625e1f273c0

SHA256
d16e63c100e16b56f660a36fe2bce7962e8c87493f04048f9d1af8b565cad21c

SHA512
5de5b622a260614588c9106553b7726adc0c5b9bde6e2ecce062d0c9d0d0f25229dd0e1e13c3ca51e5a5964b77810298f0111d8f499aa292792dd3475c62636a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a66c3d0b7649bb43f9ae75b9bb2c5966

SHA1
7749a52674b81b414b4b800e61b6fb4efefc8d59

SHA256
0bf225163ba10839773a99b47f45cb07d19d311dc37b90b27a06fb7c9daf804e

SHA512
d6445c110f9d6e34c5a5011453277fa099a1aa9a65c27f98a7b2749c021d5fe1f19531c77d8d58063b206eeb52cc6c14cc1b1ee5ae686e48f113b8f410a54589

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0536c98c18450c1d3604a0f432773ebb

SHA1
ad3e767d0dc69b6c3365adc40735c4f3679cbe24

SHA256
e4e4115a4e9df28505646093ecd4d2f957551eee89add7b1c05f1b822ecb2911

SHA512
85f9ba47aa40ab538e58aa37aa481df02449ec12f4c14ec75e778e8dfe4f005b59e372abf4cdb1d93eb422c4a385d522204b9f171b4b5af6f316fed0fd3c2992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
f718f47c594646ca212a0589ddfd345b

SHA1
395561e4e7624d07ebfdace0a2a59b7a16527409

SHA256
94eae80a7295cc1c9095a7dfcb78a5a94995a25bdfe13b47b7daaa44d9464c1c

SHA512
10e0a684f77405d80439b0cd64d87a379693cd769a7c4797a15d16c3275fd7ff6322b34490f68eec7a1995a6a3dfd05265ffbfd7500112bb00b89a2c207fed93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5818b3.TMP

Filesize
204B

MD5
0a9f7e8d6fea8afe22ee841473cbba90

SHA1
bf4c31038cf115a66085dc0859bea3d737bf3375

SHA256
041f4d81fd77cb842d2f52449f36659732e606a007c22b7c91612e677c018c25

SHA512
0873a5b6e2e02795cf73b1b635b2892b457ed5e0c74a139722c45c0000cabf532d29f7555ba9492d60027063a99ae6b9a775e880815762750af05e9aa5a770c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fb25f684e6c4ae3f7b62ebf9c4a913f4

SHA1
06e73de83aed078f444c460ed5038c3debee14f5

SHA256
ffaab1cb8b3febebaa876211dd017d6381f3623ad0e38802a1c04eb7d0af9520

SHA512
6c4e05f52ba252bb1e38df02e8a7c810a24a09e88b2a09dc6142dac97679c18383a63df4c1cc5ffca9234a2a40f5d74b3384f759a18e05dafedb8463c47196df

Download Submit