a63f8ab2593f6e31909a18cac7daf760c3333b77a21979432e31e7a85d3709da

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 10:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a50071c5de571769277bb98bb00b5b4d_JaffaCakes118.html
Size

59KB
MD5

a50071c5de571769277bb98bb00b5b4d
SHA1

515fec5d6bd92b9d5b3ecc3392aab4598fda960c
SHA256

a63f8ab2593f6e31909a18cac7daf760c3333b77a21979432e31e7a85d3709da
SHA512

24edd8f5af38abc95b3c045a8e0259976f76411c19d28a6d7b7f75f86005d8b811d3fe12787cf5a7435ec1701fe9d8965ced6891fbb391b63fe75cab8cd0a322
SSDEEP

1536:28wu1Sqc5dmWsuSJ70T1GaAtV0cwTPPVMSg2u:8qc5dBs37ofAtJCV42u

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1940	msedge.exe
1940	msedge.exe
4868	msedge.exe
4868	msedge.exe
4376	identity_helper.exe
4376	identity_helper.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 3776	4868	msedge.exe	81
PID 4868 wrote to memory of 3776	4868	msedge.exe	81
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 4996	4868	msedge.exe	82
PID 4868 wrote to memory of 1940	4868	msedge.exe	83
PID 4868 wrote to memory of 1940	4868	msedge.exe	83
PID 4868 wrote to memory of 2604	4868	msedge.exe	84
PID 4868 wrote to memory of 2604	4868	msedge.exe	84
PID 4868 wrote to memory of 2604	4868	msedge.exe	84
PID 4868 wrote to memory of 2604	4868	msedge.exe	84
PID 4868 wrote to memory of 2604	4868	msedge.exe	84
PID 4868 wrote to memory of 2604	4868	msedge.exe	84
PID 4868 wrote to memory of 2604	4868	msedge.exe	84
PID 4868 wrote to memory of 2604	4868	msedge.exe	84
PID 4868 wrote to memory of 2604	4868	msedge.exe	84
PID 4868 wrote to memory of 2604	4868	msedge.exe	84
PID 4868 wrote to memory of 2604	4868	msedge.exe	84
PID 4868 wrote to memory of 2604	4868	msedge.exe	84
PID 4868 wrote to memory of 2604	4868	msedge.exe	84
PID 4868 wrote to memory of 2604	4868	msedge.exe	84
PID 4868 wrote to memory of 2604	4868	msedge.exe	84
PID 4868 wrote to memory of 2604	4868	msedge.exe	84
PID 4868 wrote to memory of 2604	4868	msedge.exe	84
PID 4868 wrote to memory of 2604	4868	msedge.exe	84
PID 4868 wrote to memory of 2604	4868	msedge.exe	84
PID 4868 wrote to memory of 2604	4868	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a50071c5de571769277bb98bb00b5b4d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd08de46f8,0x7ffd08de4708,0x7ffd08de4718
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2460 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
20KB

MD5
cdc9f19a52e87121bdff5faad76470dc

SHA1
61786f32243b3384fb8bd1f460070465d32ad556

SHA256
fb5b531776f398b46eda13ed3ccddeece8fc54653f27b93fec45290a31cd840f

SHA512
d80755833280d63ee7c894510ba25d1ef4ec55757798126bb0a2880b9d0f90489c0d5f5765d90673ee7d6670931be05d38c42929b938aab3d6f643e5cfa0fa3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
09b178208eeddea23e17117435ba6158

SHA1
b17c57a943385d6608eeb33979a4111cf6341ed9

SHA256
d160beec5c0f799ca64541ce036e3f6405f75fc006b017d1cb27dc1896da32bc

SHA512
cb5d06b255bcccad4c28e8c13814e024e3434544207f024d4a9599e19b8b821656a4bde7b92e6c2479b85ad7023d3c581fad825aa82f2c1ff7bcac45f2071dd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
04a7d959125600b005526cd1cfad83f7

SHA1
ea04dd74db26cdc5ea1c73bd5627de3127d34b3a

SHA256
1d965e002f55b68e2d860a412953eb94926e7730f994a9cb4b81378180e1ec6f

SHA512
f205bf074aca86ccd873462aa456bb7bddc22573e6721ae5092aeb84154a1d29b0d5384baa86b532b270b245c96577c4b5c66ed17ed080c800112ebb3fc68bc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7340b7adc5516dc9da91842a7f658529

SHA1
f05f71f4fd0d4915345578d7f28ad2f916dd0627

SHA256
335fde295c7f92aeba94ff191528bea206e6ea62627a97dea9f06a797e49615f

SHA512
f39d023cbff7e5bba5edb68ee2fd8fa1cb939c364b76c6e44d7e0d7c627bf226a8cc0831c7b6c8109ff0a00af7e8ef19530ed7fc7d676f2364e5e73bd49936b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d48bd3f6bb9692116706643dd5042788

SHA1
cdb996aa1477cfcae1296ebdee8fba7f5c2f41cf

SHA256
42756a9c5aa46e72866e597cf233904d0f0ed0d5989b1f05c53f8b246718a642

SHA512
cbc2f91673735e65d0b61a876de3cc670d0055260e4fc55a21558d6a110c4b400d18cc2d4aabcc99d4d933702f9ecf4f490c6479a2ae79e3d9ec40424158a27f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a2184f82510cb562327d0802942ed25e

SHA1
f8c1773c05fc313a37c9a6c2b1408773a5935546

SHA256
57d35c9a7b62578fbf698e6b6ee0b274ad4c1b24b29dba67605cdc710ec29497

SHA512
6bb3a227cf4d11ca2ce5ea21560cd7fe25edf6cb3d3ae884a18e5e5610d170939691f612356a3e130033b00283f119cb7f214128666ce3858eba0dedab777c32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a7feecc12e8404208166735d2026ca3c

SHA1
1a547783c9c4463aae6db0dedff0ee8f45f9341e

SHA256
3417f7e725909ec9dff779e30a94a21dd74c249bb84cb557472db2b444267ba6

SHA512
f573fa1f3db958b34b73bf65ee3ca868016054c169c4aa1cba47713421e58e86b0e98ec49d2de9a937d716bdaafade09d94733271d9ac8013668ec5ff11fd0b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c6ee21f098c21a3665409b5fdc736007

SHA1
64cc42683160d6cd544e9280cdd0a8acc9b8728a

SHA256
b1b801f8caa92c48ea2b905d5a2898f6dd64ae98789b185c1a94355fd002c5ae

SHA512
bc5982fdf25d10a58686c0ff0ba79e7de255d04b1e24af7347948d8c39814e8cdb288f0ca00ebbf49c1abd7df1aff5b196cfb40e78ee0d3cec416d0c7be37311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
532B

MD5
819f9f3441bb2aea580da7932196ff0a

SHA1
c266a2ab7aac41e4305003a319d55abdb789bb85

SHA256
52d1d34c5737066c0308aa671b0423a3ccf47c9912147425a635a5c9456f2012

SHA512
4d6f622b87908c5bad6f645ad9c267b083b251ec2d24148dcd5f3325c1dcf4edb4979c325b71709f3f48138b1d945e89ce919017b7a49d27100c7bc5cf8505a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57afd7.TMP

Filesize
201B

MD5
1f9372d234c20dcf6254b82b67850c21

SHA1
17c05e7c4c35045a79e42006d32d6c5062a2d302

SHA256
423aab5c61cb6acf96a95b96b407c499f1744c3c249d5be236d10042754e39e2

SHA512
bb6ac825743cccb34afc3d4a4edf9b04f5e6fc621fcbdab32bb8622353123601ec0fc8826bbc01830a7640ec41a0ec763ead4477e177bbd163d8eef43dc66a1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1c427da9bbb5b0ea337e8146ec08778e

SHA1
a8c62caed7f26c34269cb8abff3a76776ca22769

SHA256
9f837bc3fac0a31df08ac7b498e016798ab9b608df6078344e578b55566e15fb

SHA512
498d6160cc0f09a71bfecbc49d34fe8012e77b3f124ac88152bc2e8ce49a2681e840b0a9c54dcdeb7bb43dcf92a136e984ba570797cf233003155c615dafc6ac

Download Submit