37882db2637f902f5d022a856cef3c97f7fa2f3432f7efefc20e1a8c5ced435e

Analysis

max time kernel
148s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 22:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7abccf31d242b5b9ac54e6c0b8be7b25_JaffaCakes118.html
Size

28KB
MD5

7abccf31d242b5b9ac54e6c0b8be7b25
SHA1

ed03b797679430655877fae3c35de44440e09bae
SHA256

37882db2637f902f5d022a856cef3c97f7fa2f3432f7efefc20e1a8c5ced435e
SHA512

4c1dced13873dfeb23d132e5be857c7d98c93f139d35d6f3f3e2d82a4efa28789a27fb3b5573ed355de1f255023da3d89678da7615026808658fe2edef0155f0
SSDEEP

768:9IjTrf5tARKptf7eegVOXXuJSLMRpJTT+h7:9IjP5tAgpF7eegsXXuJDdq

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4076	msedge.exe
4076	msedge.exe
1048	msedge.exe
1048	msedge.exe
1796	identity_helper.exe
1796	identity_helper.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 808	1048	msedge.exe	82
PID 1048 wrote to memory of 808	1048	msedge.exe	82
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 2548	1048	msedge.exe	83
PID 1048 wrote to memory of 4076	1048	msedge.exe	84
PID 1048 wrote to memory of 4076	1048	msedge.exe	84
PID 1048 wrote to memory of 2676	1048	msedge.exe	85
PID 1048 wrote to memory of 2676	1048	msedge.exe	85
PID 1048 wrote to memory of 2676	1048	msedge.exe	85
PID 1048 wrote to memory of 2676	1048	msedge.exe	85
PID 1048 wrote to memory of 2676	1048	msedge.exe	85
PID 1048 wrote to memory of 2676	1048	msedge.exe	85
PID 1048 wrote to memory of 2676	1048	msedge.exe	85
PID 1048 wrote to memory of 2676	1048	msedge.exe	85
PID 1048 wrote to memory of 2676	1048	msedge.exe	85
PID 1048 wrote to memory of 2676	1048	msedge.exe	85
PID 1048 wrote to memory of 2676	1048	msedge.exe	85
PID 1048 wrote to memory of 2676	1048	msedge.exe	85
PID 1048 wrote to memory of 2676	1048	msedge.exe	85
PID 1048 wrote to memory of 2676	1048	msedge.exe	85
PID 1048 wrote to memory of 2676	1048	msedge.exe	85
PID 1048 wrote to memory of 2676	1048	msedge.exe	85
PID 1048 wrote to memory of 2676	1048	msedge.exe	85
PID 1048 wrote to memory of 2676	1048	msedge.exe	85
PID 1048 wrote to memory of 2676	1048	msedge.exe	85
PID 1048 wrote to memory of 2676	1048	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7abccf31d242b5b9ac54e6c0b8be7b25_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffaa37e46f8,0x7ffaa37e4708,0x7ffaa37e4718
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,3330944514308992437,13668293404281472383,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,3330944514308992437,13668293404281472383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,3330944514308992437,13668293404281472383,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3330944514308992437,13668293404281472383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3330944514308992437,13668293404281472383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3330944514308992437,13668293404281472383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3330944514308992437,13668293404281472383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3330944514308992437,13668293404281472383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3330944514308992437,13668293404281472383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3330944514308992437,13668293404281472383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,3330944514308992437,13668293404281472383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,3330944514308992437,13668293404281472383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3330944514308992437,13668293404281472383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3330944514308992437,13668293404281472383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3330944514308992437,13668293404281472383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3330944514308992437,13668293404281472383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,3330944514308992437,13668293404281472383,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6468 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
6bf2d33528f7069481c2575d284b6c11

SHA1
99fffc9935648c2ed43ad48fb7cec9e1854774ce

SHA256
b1d2f7f4e50ba07a124f07982453bcd739c2e8b80216d182d5a1c0ac975ea349

SHA512
5e6378d99be91be47c6912aa221efe44c40be778072e6f70fc7da4ff712075c4ed32a07d3706a92de0191f6c76dca160586b3c9cc9d6da593c16e57b9478a80d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
82e82b20fba86d11a51bb391b932dcda

SHA1
b8507804793621a358f5e7c85a3d0ea924254004

SHA256
d0384bb411df91de380ef855e8a429b7166157f14678399a3a922b4ecd06251e

SHA512
fcfe149ae89fb8403b679cb9d19c6bc473aed6dd4921d75d76b4daf636ae7f6c80b6aa1e6fa413acdd8840cc39ccf32bb294acb7065ea02f5b141129cd53f95a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0c5aee9638ee6d6ee37fce82908705d2

SHA1
4c2f242c05bc2c706f62bbaed6d785e02d3c79fe

SHA256
97298fde29b46b94ad513625779c2294184125cbec32ce97bbc4dcda835e6cc3

SHA512
30dc0ae1bf5742a9f29e0e7fba385b398f0d2b4363660d94c6145ad3ae60021013b664e5fcf44385813324fddb4ab275695b05d14d5a666a2e023530f72ec2f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
71c93e3c9fecb7dc9a5d3eaf78a641a4

SHA1
143197511b4681bb484c67c96191195caa632a2a

SHA256
b5a9db8eaa561af7bf5b16b4d9f5928fddcfcfd1f4605059f6a4a1c89c4fe093

SHA512
06937854908fb770518774434f236fe70edd922f23692bff7741c7204e7ef71a61e9667789d3f3519a1996c639e3674aa73c9d0aaf41f95946d8842d3563b2cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2b60fe043182fac8781b06381cc4681c

SHA1
514c4099abca9ee49d35b765187ba1b06edc4c43

SHA256
0a836b989adbda9304c7abdf8c57f73a9a3fab63279a31954e814ee2c5d02172

SHA512
b6f790ad4080f8e2dfd4479faab74e002702d075e9cd7cc5fedcb4bb6e4075014bbba3627aa5871d98c438cab27b1c77abc308c4422a9b23f7a872aa218afa75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d7adf86f00c49a4f2fa4eb5780610436

SHA1
edfc0a1417a55406ff773e1f880136dd010c564e

SHA256
2d9265977c3978db1f89f59de4ed2c6c0f6cd3e3fb2c45e1dc5f1da8192d7f5f

SHA512
e5ff5050a64a7129d17065479458c36ab790f5b045166d0924435a0a41254c21d8cfbab1ff8fe7b92c420baab357a1ce4b804296a288b1a903c21e49659d32e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2d18d1da61f1a233422f23b2f5f78987

SHA1
243d0514da3aecde2e341f39e450dc83b1bcc2d6

SHA256
7f82c87632d749c1a3f879e5549064bc00e38ccfcd1ba0dffcb6e26151d41ef7

SHA512
738edecffa603643ac43b7db2d4c5a07cb0d3cae6fe30813d11393336d3919576e12cdb58c534252253e77355511f51f5b2125be22d5aa2f81a426f3869b7602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
14a51a2df9ea73f60fce35e2853faeed

SHA1
4498b923c0aeb5f2fa6e365878391b5246f2d187

SHA256
a6fac6887ddab48262ed76e68a9d9b849193264f93c033b0062880efc2e3cf1d

SHA512
5ee54e2a5b0a22511d4ad8f2a81e86a0dc602948cd331d6a7e79d56feb60031d39e33fd41ce18c3edfd8878ad8d0cc82c0cd76c8a0f402e442a30de65828bf29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a5f4.TMP

Filesize
1KB

MD5
9243295f415e7dcba73f82d2f9f41023

SHA1
0e35ccdaad2851d3b90d2305300d44c92a3731ad

SHA256
49459188f12dfaf1fed1b1fcd5135068d5e0135f6d1a09940d26a67839f1b7d8

SHA512
fb5aed5e1914cf49b13b4fa555bb9edbd1454b955e7f88d89e615fc0261759b8038273ea8a1c1ad8a97dcecb00ef43df362ad8b09ec0fdd4f016dc01e2d993f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e6971f62a9c43dedcde9f3e9d8574a9d

SHA1
9ba5b191796bed6f86dffaa8806326f3065de8db

SHA256
080f1df0f283cda7a8cfa6be5a9f043ee3d564e9906e416676767c175d5caabc

SHA512
1a7735056f1c22bc0b825913f99ee0e3a3417a5839e92afb3fc786756be3cae3f6d0bf45807fab7896a936eb88ee6911f1204f33ff3ca20c9f6b6e7fca5a75c6

Download Submit