b7b42b849cf5259e84f33c79f00378b2c52c407c876d47501e77d7f5b2999b54

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 23:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ae752c049041d8a3b5231493516e8c6_JaffaCakes118.html
Size

304KB
MD5

7ae752c049041d8a3b5231493516e8c6
SHA1

210e63089601c3900702708565b71280f5122357
SHA256

b7b42b849cf5259e84f33c79f00378b2c52c407c876d47501e77d7f5b2999b54
SHA512

1a6517deda2f0615231b0c51fea189d6714a47344015ff0d0e01ce33d25a2013da782cad434e512e18baf89fed51d7eff401a9023c36200a5e40bf0620f5d1ce
SSDEEP

1536:g6+SbTTFZSjTNrNkltM/jVII3IbIre0zpzmL6ohpbJLnvDDzjgbr3b9dE63pGZj/:n+SbTTFWrItCVI2+pwQQiTCw

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
808	msedge.exe
808	msedge.exe
3372	msedge.exe
3372	msedge.exe
1772	identity_helper.exe
1772	identity_helper.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3372 wrote to memory of 324	3372	msedge.exe	83
PID 3372 wrote to memory of 324	3372	msedge.exe	83
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 1268	3372	msedge.exe	84
PID 3372 wrote to memory of 808	3372	msedge.exe	85
PID 3372 wrote to memory of 808	3372	msedge.exe	85
PID 3372 wrote to memory of 2520	3372	msedge.exe	86
PID 3372 wrote to memory of 2520	3372	msedge.exe	86
PID 3372 wrote to memory of 2520	3372	msedge.exe	86
PID 3372 wrote to memory of 2520	3372	msedge.exe	86
PID 3372 wrote to memory of 2520	3372	msedge.exe	86
PID 3372 wrote to memory of 2520	3372	msedge.exe	86
PID 3372 wrote to memory of 2520	3372	msedge.exe	86
PID 3372 wrote to memory of 2520	3372	msedge.exe	86
PID 3372 wrote to memory of 2520	3372	msedge.exe	86
PID 3372 wrote to memory of 2520	3372	msedge.exe	86
PID 3372 wrote to memory of 2520	3372	msedge.exe	86
PID 3372 wrote to memory of 2520	3372	msedge.exe	86
PID 3372 wrote to memory of 2520	3372	msedge.exe	86
PID 3372 wrote to memory of 2520	3372	msedge.exe	86
PID 3372 wrote to memory of 2520	3372	msedge.exe	86
PID 3372 wrote to memory of 2520	3372	msedge.exe	86
PID 3372 wrote to memory of 2520	3372	msedge.exe	86
PID 3372 wrote to memory of 2520	3372	msedge.exe	86
PID 3372 wrote to memory of 2520	3372	msedge.exe	86
PID 3372 wrote to memory of 2520	3372	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7ae752c049041d8a3b5231493516e8c6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed44d46f8,0x7ffed44d4708,0x7ffed44d4718
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,52914663119445041,3143222000540805542,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,52914663119445041,3143222000540805542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,52914663119445041,3143222000540805542,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,52914663119445041,3143222000540805542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,52914663119445041,3143222000540805542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,52914663119445041,3143222000540805542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,52914663119445041,3143222000540805542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,52914663119445041,3143222000540805542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,52914663119445041,3143222000540805542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,52914663119445041,3143222000540805542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,52914663119445041,3143222000540805542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,52914663119445041,3143222000540805542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,52914663119445041,3143222000540805542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,52914663119445041,3143222000540805542,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4980 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
0169e9ae101aa76b808226545917ca3d

SHA1
8378118b41c499bc6451c8aa0a8bec67387bfc77

SHA256
e3797c87af92a1563d89b39f7aa907f53ea8f402435ff3c8fa3003ef34423c9e

SHA512
39c5f815391c6b22d56e566ba8419edbf3bae6305e14f31e2c93d359ec073f471355310a73b60646edbc2a9604dd5d1622c57cc25842d98c92e2a047bed16f55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
dae2731d720472a3415589597120f19c

SHA1
44338373b00bbeaa081dcbdea8c955d896a82843

SHA256
d29d38f0be99b43be4fb5680abbe9436f75cb6db39beb3e192354043458d7cb2

SHA512
4c33eb9f74f19dd979ee77b2a94a7fabf9ecfe6a8cbdffb51642890e558b5418c42663737fc7f11acd96a0cf8e2c47bef11e34770987fba58586624461d4a35a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7c8eb7e98c23c4f1297c64ac0164d249

SHA1
ff84f4f13082a2500d7b65e80d0e5dd9cf1036ee

SHA256
010fd965f8f19a1f5b8c982813907c457197e37e1eb25e9bf9d4478071d02073

SHA512
85a768776f4a45d9a3769aadf1975a57010fa2e491b25d9f7127d1467191ce13f9d1e4f2298567c7c56ea8c7169b6c89a9f8df28b36afaac472cda22e4ec3f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
72946c1b7bf340e8275e739673b19b94

SHA1
d36b81877ba5df510f2cb6e584aa9526752e8c78

SHA256
a0b7ee8132055fe77e6652ca7ea7d8aa8a78b6c02eae21b66d495e9b4afd7a44

SHA512
f688ee5d43e2446c6dfaa2d10bd086602422e296c20542337c17d48ee6ed9f81c01ff65cf588be0a9db135a75575cfe3fbef7cc90f5642254608b2b71c710ee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31bc3180716693474c31371a20e3a41d

SHA1
46d4b9dc49b65baffc2b7fc6bb46f605d2c5a129

SHA256
d68818d1491795160359e419ff463224e69a5a5d7a27a759bb6552ba6e5fbdd7

SHA512
fbbe626f48785082b358262348eea8f4dce0af8779660ff12accc73c0ffe51c965b7ea6915cf56e232bd28650d20c051dc6b8d87cf4abb2694d5b79c60fd136f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9d45a14622f1ebb12393d06e4b3a96ba

SHA1
7152ab9a279ae7d33a2d5e8a322908f4e23345ea

SHA256
a0f5a9ebf325cce64d45684cf802217bda30cdad81725b2be89203b847ab6328

SHA512
49386faf2405d2d72afc356bb4b2d2b033396599bf3548565b01058a53678f28d68f35bf3f2369c948f00b0f3fac5601b962eced59b2af896c7735dd1bc1bede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
50c739a4fe02a7a051b77f5fcec7390c

SHA1
aa5e426af0f82316c1ed4182ba5f244d1a102e97

SHA256
53d94bf1a1798c70934ac14b6eb4d956c6525a0a60b7d16763fa50fdd9904ac5

SHA512
2d583b29f35c020fb50e4a039c90bb083669324df306045d22e4f61ede52fc3b4f9dcb6041fbfd029e1be42eca1baa1582a902b311772567f12aa6d827e5d35d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
10be0acee25c2d5bb760d1479db5ce35

SHA1
5f2c8991ffa7bf074c31e7c5aa686cae3739048d

SHA256
6f48d9750c7877e39254fc4b7c60b306c1e10083cae79a173e89170c1d172aef

SHA512
54302ac5d653c220cdbe8182fb49f75075ca8a316a600d830639703c8d527b8162cd3030681aa896077f754dc0592a267517d5925754d867faf80122905533c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cf56.TMP

Filesize
203B

MD5
c6605c46d7e4cc3565bd15f4e1d10477

SHA1
73a61861c06c9af8d941b8ee5784a822c857ab21

SHA256
149b75e335188fe2bb43abb62f6942cbfb56109b18d0179f95f0f581257a6e13

SHA512
14097d5360aa15b75eee2d4030909cddb7898125fdcfac66cb512b695659f72bec80f35a7302434264c03a96eeaef2c37a06e0aac7b02ba1b2529fb040ca2207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b119522fa2656f4592bc0b8493f1c995

SHA1
4527d09003c3db9b58f84de9aa2963a6931ccd55

SHA256
e97d990c2da0f1248f55fecf74f40934bb15038e39c89147549b8206ca88469e

SHA512
fc90e78022ce1a80b286d9cdcae50546138b89265392544dba29c26c0134e06a44421b4e2b7c6c4b765af3588f6f9bfc454ceb6bce4ece80542fb781c7c6e098

Download Submit