1e3b5bf9bf19cc10c5697b67cd2058d70e64bec03ab5188481523617cf019b17

Analysis

max time kernel
147s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d5f22fd397871cdd82164a7ede7ad59_JaffaCakes118.html
Size

88KB
MD5

7d5f22fd397871cdd82164a7ede7ad59
SHA1

3dd5185e388c9c65e19a964e68cc59d211011005
SHA256

1e3b5bf9bf19cc10c5697b67cd2058d70e64bec03ab5188481523617cf019b17
SHA512

d43b2e68c084da65e55d7e95a9009767df145cffaa849d0b139d8634170cce206676a327f04ef4baed728fb215abfa4a1464d10d5be650d871d33052496ba703
SSDEEP

1536:CIzK+HY3GuM/aDgt0Iwy7qwLVV3lXgsJHVtua7i8mZWwU1vX9/34L4fjMLvQ28qD:CIze3GuM/atIZ7qwLVTXgs1tua7i8mZh

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4204	msedge.exe
4204	msedge.exe
1076	msedge.exe
1076	msedge.exe
4896	identity_helper.exe
4896	identity_helper.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 2200	1076	msedge.exe	82
PID 1076 wrote to memory of 2200	1076	msedge.exe	82
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4804	1076	msedge.exe	83
PID 1076 wrote to memory of 4204	1076	msedge.exe	84
PID 1076 wrote to memory of 4204	1076	msedge.exe	84
PID 1076 wrote to memory of 3140	1076	msedge.exe	85
PID 1076 wrote to memory of 3140	1076	msedge.exe	85
PID 1076 wrote to memory of 3140	1076	msedge.exe	85
PID 1076 wrote to memory of 3140	1076	msedge.exe	85
PID 1076 wrote to memory of 3140	1076	msedge.exe	85
PID 1076 wrote to memory of 3140	1076	msedge.exe	85
PID 1076 wrote to memory of 3140	1076	msedge.exe	85
PID 1076 wrote to memory of 3140	1076	msedge.exe	85
PID 1076 wrote to memory of 3140	1076	msedge.exe	85
PID 1076 wrote to memory of 3140	1076	msedge.exe	85
PID 1076 wrote to memory of 3140	1076	msedge.exe	85
PID 1076 wrote to memory of 3140	1076	msedge.exe	85
PID 1076 wrote to memory of 3140	1076	msedge.exe	85
PID 1076 wrote to memory of 3140	1076	msedge.exe	85
PID 1076 wrote to memory of 3140	1076	msedge.exe	85
PID 1076 wrote to memory of 3140	1076	msedge.exe	85
PID 1076 wrote to memory of 3140	1076	msedge.exe	85
PID 1076 wrote to memory of 3140	1076	msedge.exe	85
PID 1076 wrote to memory of 3140	1076	msedge.exe	85
PID 1076 wrote to memory of 3140	1076	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7d5f22fd397871cdd82164a7ede7ad59_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffed0d246f8,0x7ffed0d24708,0x7ffed0d24718
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13226064415802277804,10928525602618728422,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,13226064415802277804,10928525602618728422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,13226064415802277804,10928525602618728422,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13226064415802277804,10928525602618728422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13226064415802277804,10928525602618728422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13226064415802277804,10928525602618728422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13226064415802277804,10928525602618728422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13226064415802277804,10928525602618728422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13226064415802277804,10928525602618728422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13226064415802277804,10928525602618728422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13226064415802277804,10928525602618728422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13226064415802277804,10928525602618728422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6272 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13226064415802277804,10928525602618728422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13226064415802277804,10928525602618728422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13226064415802277804,10928525602618728422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13226064415802277804,10928525602618728422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13226064415802277804,10928525602618728422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13226064415802277804,10928525602618728422,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
a364af874be3774cb6fdf2562736bd60

SHA1
d10dca38fa0341741a54219413fe7f05c04e6773

SHA256
b7c928e3c8088a7f550cea2d1c120d971b8f96b0b7b6ceebc92655d5625bdf35

SHA512
6ce7cf9b55cc4274c2f7af7a7520f27a959bfe12fdae4d5e5e84ab928cd7974e097a313471e4a60a02fe4ef5ba1b914543c7c52e08497c95de8a026a88eaf968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
572b40b2a3084f9cd96eb003eebf0e7b

SHA1
54c8d35c7108c3fccd52c3957707b4d22db61e69

SHA256
e52b20045ab9e942b97e4c53c53baabe95c7bc724f1234cbb85a26fad1a3dc1e

SHA512
a22493d5e64118e84043e9aa2dd4e1e29daf105fea061c4eb9b573be0f4431954af11c4accccc71075c57727151db5545c2cdaafb1ca2c10019ce7a493607dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
63bd1c41e062e11faf9f2d136d35db27

SHA1
cb295ef0637f7574d9fa11f4b461668bf8b50199

SHA256
e11b95e9dd8ef4458bad6c863521d348f01be603018d7e6030331975d5d6d6f8

SHA512
f54820d2bc47c419eaee073c821672bcc344d4a2945b55b69fdc14f236bd6703e7dda74fbde1b6bfe68fb4dcdd6ee277e0bbf9adcd25588f865760ae74cb9e26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5946213df4663eca509727b026f1dc2b

SHA1
df7bc688563575dea33153082d3ac5236d5f0a76

SHA256
d29a1be4dc0128591cc0883b5c4af5a3f14070edaa1667f3bda3e879cef81fe6

SHA512
95f38d4501e5e3c192d9246649007834a5cea2fd02cd8e20cfb58c1abc89a6858b23b5284fed17578df33486e6e121f225255cfc145cbad69c9bcc764e9f3b05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
432dbecdec0973d4a902f6284ca135c1

SHA1
79422424bc94261582c9e5fac3a3ca7b62a032b2

SHA256
9017f8a351c8bbe6d194de242f3c4717329abf4b2ff9ce41c2e0bd51554a94fb

SHA512
fc6d8473b4f98a6b40f82884c765519f21cbd0bb91dbff211c6e4cfd6411c8f2ebc9333f459d504cf9a883918ea60c5c3db81e8b92a64567608aa7bf222aefa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cfb83252f27fc56ce4ad717ba4a487de

SHA1
818210c223f474898f65363796a31d4f39a596ed

SHA256
a74dc5cf6f6cc8e78d9d6cbc9aa0c54e6da65826d6a0b35d4f3e651a106da675

SHA512
e5427cf1d567f0f06f844e89f609c69abb7447696c2c634618b1b8ce1e278982c088b21d14478c6aaa6afac40d7cfddeb834766618c2cccad1a6956dd67cf4f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
33408ba0393a21d94ba4ecbaf2b8e29c

SHA1
506e8a096390a5198bdd30e62a0dfeef84926348

SHA256
ab421ffc680919af5e173360f5a92366719d084377fde5e690eea016fcf2c97e

SHA512
429c764369fbf853190401112a444e625d5d838ec433f5d623c37f7542974a9a02ce5a25ea1ed8301078cf7d1b3709af8484fae5de3469577891285a96b3fcad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
f6f2d14d936afedb73a2aa899b972421

SHA1
0db0569290bbc3bfc1881265094e75cf2f18d15e

SHA256
0efeb1de814fb0e958cc26ef9cbda7f59834de4ea2cd3a1b7dfff2229b3a98b0

SHA512
dd51d2061cd281e0d27ad4aa3e2cd0cc2860787890548e3c37ab93d8124e63582a07fa49558752a4149e5b5fba1e561e600607cae91b92bc2336f363aeac1337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bab5.TMP

Filesize
203B

MD5
a2d1b8d13d9046300c17ee43e31d7495

SHA1
b002ec15b91a2ed4c8ff7bec165982f14034a6da

SHA256
7bba6f0ff9d15b13322c016eeb60702cb26eccfed5d0470982e17e1caf5fdf1e

SHA512
a40c8735435802dd30a128bd859fbd42f0d6c118248887f3a05e4f1730aef1b742ec01f8251f749bc8631dafe4384d78cb9d97bde38c08e2ef4fddee49efee72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
acca890bbd32dac0b3b9474e3368798e

SHA1
50b740fd931a8240ddf80ef7ad4f3cdb6debbd6b

SHA256
bd0278b109ec4cd3a406d9aba402b0b768729d4e69d02eaddd21c55e77c10174

SHA512
6ddfc85ff5fe18fe234f5825a60632ca154012f8990683fdc6f5bf5ffc39375377dfcdd5b352cccce55b9fe09efc51d31e938bc29ea9961ab94643a81e23dc9d

Download Submit