6a6101379ebc5d8166ebdbbca95d8c2642fee27be51704e3a572f4fcc0009bbc

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31-05-2024 12:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

870c946e18b943aafa85fd69a9b10cd0_JaffaCakes118.html
Size

150KB
MD5

870c946e18b943aafa85fd69a9b10cd0
SHA1

24617a4ce0827608083394dc0fd2e06d6496d6fb
SHA256

6a6101379ebc5d8166ebdbbca95d8c2642fee27be51704e3a572f4fcc0009bbc
SHA512

57d564872450f8e591775de96a6726cffc3426bfbffe22e64dc41e1ca6c30fec3bf0119504d537a0aec4046db53a3218366fdfe50ca1f4f12cb25bf9bae483f4
SSDEEP

3072:omweSC3o2UP13G4k5QhLpOatVSqyxQ0aEkh/fNbYaaLStR6xWUu/v66sbsGon4Go:uvr3G4k5QhL8atVPVfNbYaaLStR6xWU7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
1192	msedge.exe
1192	msedge.exe
4300	identity_helper.exe
4300	identity_helper.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 2276	1192	msedge.exe	83
PID 1192 wrote to memory of 2276	1192	msedge.exe	83
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 2676	1192	msedge.exe	84
PID 1192 wrote to memory of 4592	1192	msedge.exe	85
PID 1192 wrote to memory of 4592	1192	msedge.exe	85
PID 1192 wrote to memory of 3192	1192	msedge.exe	86
PID 1192 wrote to memory of 3192	1192	msedge.exe	86
PID 1192 wrote to memory of 3192	1192	msedge.exe	86
PID 1192 wrote to memory of 3192	1192	msedge.exe	86
PID 1192 wrote to memory of 3192	1192	msedge.exe	86
PID 1192 wrote to memory of 3192	1192	msedge.exe	86
PID 1192 wrote to memory of 3192	1192	msedge.exe	86
PID 1192 wrote to memory of 3192	1192	msedge.exe	86
PID 1192 wrote to memory of 3192	1192	msedge.exe	86
PID 1192 wrote to memory of 3192	1192	msedge.exe	86
PID 1192 wrote to memory of 3192	1192	msedge.exe	86
PID 1192 wrote to memory of 3192	1192	msedge.exe	86
PID 1192 wrote to memory of 3192	1192	msedge.exe	86
PID 1192 wrote to memory of 3192	1192	msedge.exe	86
PID 1192 wrote to memory of 3192	1192	msedge.exe	86
PID 1192 wrote to memory of 3192	1192	msedge.exe	86
PID 1192 wrote to memory of 3192	1192	msedge.exe	86
PID 1192 wrote to memory of 3192	1192	msedge.exe	86
PID 1192 wrote to memory of 3192	1192	msedge.exe	86
PID 1192 wrote to memory of 3192	1192	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\870c946e18b943aafa85fd69a9b10cd0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffca1246f8,0x7fffca124708,0x7fffca124718
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14106988616999657531,688389727174682126,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,14106988616999657531,688389727174682126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,14106988616999657531,688389727174682126,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14106988616999657531,688389727174682126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14106988616999657531,688389727174682126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14106988616999657531,688389727174682126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14106988616999657531,688389727174682126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14106988616999657531,688389727174682126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,14106988616999657531,688389727174682126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7000 /prefetch:8
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,14106988616999657531,688389727174682126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7000 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14106988616999657531,688389727174682126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14106988616999657531,688389727174682126,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14106988616999657531,688389727174682126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14106988616999657531,688389727174682126,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14106988616999657531,688389727174682126,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
1bc016207a0b9393e770eb11556c5f8d

SHA1
449f3ddb11837836a124e2da4e7195e99233af0a

SHA256
0e6e55d529ffd950b0050024a7ca5df0d67f01234f1ecf2b9520f86407d592f8

SHA512
ca664179c839ad7c27d2ab583d151f5f3cfbeb1c3dfba27d841c044b7b7301429edd6e5afb172f6307c6276c1d32d12af9b01ad972df702a8ab40a5871bd6f99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
10b8368f39a9f6c9b6efd47b87b5d3cf

SHA1
ffb94356522157378044312dae15435f89d5c5e3

SHA256
9ec0b0f301a267c3925d2f537fac8d71cffa237836e3429d54833dc752b31db1

SHA512
291f8c9cd2327dfc0ed80df90766aaa9ee40e1ac67e13b783468e6239569375540f4bf1109b4e20844cd98477991a6887fb0ad805c6adc8a4d420cb3be2d40ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f5c4d0b5447e749a0313392e7dc53526

SHA1
35848e90f2e0976e7834a15ccb81e90b37a52ca1

SHA256
fc5fbac54eb73a84cbd073d9136232be9e96d8d689372b5efe901a033f56b45d

SHA512
701844cfc49e4ba7f531586b182ca1ae315b88b7952e1c464d9e392e8bb0b95eb4e3f41e9d399591064f83ebb82786bd8605583f1f5339622ebf094772d52fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
20182a35ba9c69c6af77e27b88f1c9cd

SHA1
bcce6f320c0def81de2c916287a9a624b71a8235

SHA256
455d416112f977e07ce9b4e1e372daadcaa44f94e5f4e4e3a0f992cdae44d198

SHA512
877bf08c9a9403dc360c1461e9d21f19cf72904d2685ca78f8e5d2a8e7d5254ea61ff0351431ab52953ea9cb535dae4e48f442d20a7d3adddde2cb9449ba2904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d0afecb5db81978cdcd0645831dfd678

SHA1
f5cae3d7d67adc4bf2e204915bf6c0d4f4ddc774

SHA256
75b864cdc049236d78956622935daf429d4a64503f09d039af4344f94817e829

SHA512
2c248e241ab87fa352a85438c8f7587143a86b8e2a0b5551f991947a8831bb0556d183c5ba00b8810d996b83198e990f493fdbdafd90ce041d55ee0de6971eff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6077ae67f2bdc23ff4c6dfebc35c3d68

SHA1
c2e438b57e32e64ae8195c9b24313e658d1a4f9a

SHA256
f6094a21a32eb3ee71d1e09d86cb52fc51b7972abb1f83bbaee296a4f2948dfe

SHA512
d99c40a6607e9a5a3fca981c7894cd2f33bf3d4c460c141d2b9d816daf086c11498d66d087d409a60f6c4b96aec42d7b5397bf590dc61957b302368c0bd4584c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a278c5c3cd9333fe3e13e79626baf7f

SHA1
eb5ac2b03e84b6b24a2741e4e8133f9d8c938250

SHA256
905e7fac258df8204c736e35405216cb2e6c6d1ef597565350baa12dd1d57c6a

SHA512
62ed49414ded8210b10345adb4e698f8506a29a0eb620f0cf137fd4d80b306e1711d1d6c9f36abc8c0ffc95bac4184d0bdee7563b5dd561e29c9b46bd9cce6bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
532B

MD5
8f61a2c0f022b07a9edc84976df2c543

SHA1
f697b1581db0afbdb8971b3f9a974ddadc6fba4a

SHA256
23dd2b972a4a692eff0c6684463e1740970c3a5171b0fcf93a244a5afe37b248

SHA512
93e24c030cb71f933de1ca0657b833ed11d31d33744e2d1f6e263393e9764fc112b38aa2905019330bc86d2edba9c25a35738e0249a5d39382018a743d7414cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d30f.TMP

Filesize
203B

MD5
263fef93eabf80d86cc99d506d1c550d

SHA1
9f280f4717d2be08e7dff017b57fadeb848fd8ca

SHA256
501f4060c044cd2914ab3283346bc48c69af28585bf9e7d00795ab4ce8b1ffd1

SHA512
7f86a6e9d264ee8c5fef0e97b6427b2502d4fa01a7ce07d68dbed543b414eca29ab62da430ad7c50b0d8a8d81e2b9e62fa8cbf8d22b92e6f467f25af8a94f1ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
89e2b38ae5a8b143dc33f43e261cbcb9

SHA1
d8962ce651ef10cac7a4c8e6fd2c4875bb32ed83

SHA256
b703dc5069fec9755f19612797e4935c5d8216e6de24a701d70eb3077762cd93

SHA512
7cf3d5934b920c5df3eea549366971d0659f41f7ec55532f04c285a1963a08fa0ac45643e63e77031db0da40ed1bcfc1fcc8b7fad7e59cad09d63cbe3f1e1245

Download Submit