b1f614a63cc60d04e22c37fab47e155dfcfe728d9efbcf3fc4e0a7fce32381e1

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 16:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a697bd7c999c805c57f19a6e1c3d2d6a_JaffaCakes118.html
Size

41KB
MD5

a697bd7c999c805c57f19a6e1c3d2d6a
SHA1

c7bb1bf4fa59c7559706eca74a4ccf2ffb6692e4
SHA256

b1f614a63cc60d04e22c37fab47e155dfcfe728d9efbcf3fc4e0a7fce32381e1
SHA512

cac53fe58ac5afa314dab300a70b3dad0e121954912bf4f1205c09bfe81c2f97ec8cda8465f87045d69b7e2dc7a01505498b2699ee140f8edfc752988985409f
SSDEEP

768:0UTAWWvY1RktNjRsqv825PZsbfk9wZhVGmGWl84nEgEG/7flCbf010h0B0A0w0Jm:0UKAX4jRsbfk0vt+6aRBi9uQWR2auipK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
960	msedge.exe
960	msedge.exe
2600	msedge.exe
2600	msedge.exe
2580	identity_helper.exe
2580	identity_helper.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 3592	2600	msedge.exe	81
PID 2600 wrote to memory of 3592	2600	msedge.exe	81
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 3216	2600	msedge.exe	82
PID 2600 wrote to memory of 960	2600	msedge.exe	83
PID 2600 wrote to memory of 960	2600	msedge.exe	83
PID 2600 wrote to memory of 4592	2600	msedge.exe	84
PID 2600 wrote to memory of 4592	2600	msedge.exe	84
PID 2600 wrote to memory of 4592	2600	msedge.exe	84
PID 2600 wrote to memory of 4592	2600	msedge.exe	84
PID 2600 wrote to memory of 4592	2600	msedge.exe	84
PID 2600 wrote to memory of 4592	2600	msedge.exe	84
PID 2600 wrote to memory of 4592	2600	msedge.exe	84
PID 2600 wrote to memory of 4592	2600	msedge.exe	84
PID 2600 wrote to memory of 4592	2600	msedge.exe	84
PID 2600 wrote to memory of 4592	2600	msedge.exe	84
PID 2600 wrote to memory of 4592	2600	msedge.exe	84
PID 2600 wrote to memory of 4592	2600	msedge.exe	84
PID 2600 wrote to memory of 4592	2600	msedge.exe	84
PID 2600 wrote to memory of 4592	2600	msedge.exe	84
PID 2600 wrote to memory of 4592	2600	msedge.exe	84
PID 2600 wrote to memory of 4592	2600	msedge.exe	84
PID 2600 wrote to memory of 4592	2600	msedge.exe	84
PID 2600 wrote to memory of 4592	2600	msedge.exe	84
PID 2600 wrote to memory of 4592	2600	msedge.exe	84
PID 2600 wrote to memory of 4592	2600	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a697bd7c999c805c57f19a6e1c3d2d6a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeefbe46f8,0x7ffeefbe4708,0x7ffeefbe4718
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14577427014670033251,12685064930779828745,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,14577427014670033251,12685064930779828745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,14577427014670033251,12685064930779828745,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14577427014670033251,12685064930779828745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14577427014670033251,12685064930779828745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14577427014670033251,12685064930779828745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14577427014670033251,12685064930779828745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1784 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14577427014670033251,12685064930779828745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14577427014670033251,12685064930779828745,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,14577427014670033251,12685064930779828745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6356 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,14577427014670033251,12685064930779828745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14577427014670033251,12685064930779828745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14577427014670033251,12685064930779828745,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1988 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14577427014670033251,12685064930779828745,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4332 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
c203f8c7b43b4c5535100a0fc8f615a4

SHA1
fab69e388fa48ce6e95a358bb74e34337fcd625a

SHA256
604760bc498566dc4b34b327fd09d733b73e88c3feb619b840cb33ce2985719f

SHA512
063afc7343198058d652a9e157f3bd160e2209c988a5632927ef08532c0ba7d446f4a621371f984f13f2a0ab3b55c72a0645b1138824e90ed518438543d5e384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
8ec326bfc2576ff93cbce362c9914e99

SHA1
a57611d05adfae19d94e8ccd1dde024ed24f2674

SHA256
bab0db420f4e9ba43c4d62c06576a119b3da90b38cf22aa1a288002541bb99bb

SHA512
89f3076ff78cb47cee8e4a280f810d752bbbb34cc9adacebd49d8a33d0ee48434ad1cd6a5e40d3718bb02f6b1c567023b776e47984128fb55c52d36f572ff5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
a8ab9e3055d44e8eeebd362454ec5fab

SHA1
b06523546c18c0f7138131da783c9ddd967e1f38

SHA256
5cc06cf0cf8ef603cf6477b7733d08e70ac40175df704dc41755f5aed7420754

SHA512
4854e02a40acfdf549d76363da09c3214bde6d6c7c47af7231f045c797e23cbdacc6f81cc33547aae668f000a0f7b2c327ab8ced8dbb92605fa41c6fd2272084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fbedb52bc130c2dc67f0a3150a52c7fc

SHA1
42f4ab79992a7829c28dbad7c8b0bf30be42d3fc

SHA256
c7455bf779e645a7a1afdb74ae455040619bcc484f9efc77250fabc1ca7c60cf

SHA512
b092db186f309b1ec5b51faee0732ad38b76da0dc8446985e8f9232f528637cd575efeb444977e4af9f9ee47f4cbfefab8e8a3f1df134c66d4d81bcb890d4dee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
399d79fb53fa24f47fc3fa0cb328e266

SHA1
b79665ec89a9b16c0c96f7b66a99f05b9f19a09e

SHA256
c0b68aab2dcb39589e3d1041353dc6da20c3fe30f5fbeaf6b2b688d6f566da33

SHA512
6a51fd78f964b97b0bd07fce83a43f2f1d890a98c97c787629dbf921a0df7814eb7ed391f34ac277b035c06b2b9a0e7b6057d60db9ae33bd06cfe20603f1c9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8201ec79dd05807ac9eaf18004b02221

SHA1
a05e6210abdb10952c3e8e4052cded6cfdbfcb8f

SHA256
b0e60674f9a50f5d67732cc99c5ea3995914b17f0db1c2a8480f1a7551397939

SHA512
b812f0ffd67287da619f557786d2221c297625a2d92b2c48f6d8506cba679dab67332f4b2ef8eb7617b48f967d1f86fe50e1147625c3ced6b5e0520587ede823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2e58e5260b913070775f0785ba75f9d

SHA1
ecaa306ef6f4869d4b8b2353b9b31d37d9fddeca

SHA256
77deaaac80686a231d357237e60c4e2fc363380d9e2dc2f8475f3cb8af25cb67

SHA512
1ec694e99351bc7334813a4b307d738c9d0c15151d956e5d9da95c6cd3d5a98c28030b07fa86115d6920b452c6da02892f01d4321eafcef863bd0783713a6c50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c8b422de5a2d4c31243f8a25cdf410ca

SHA1
f73f80956b3326344b193c2f655ccb2768d44721

SHA256
67a492fafabb5b003f42851755bfc34ace1d07b05ba0e730f5d72e3e5ac83ccf

SHA512
94d1b322da9f42e7cefa16551a39c90244f132adb71bf5bc00575f3eb770537e8e4afbce0b3a3a9301ac0ef75ab78dfa33b2c18e197ed84eeb6f2824e776654d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
38fa2054aedb2e7b1d4b05e5fa3fb038

SHA1
478626cafb5f5ca2e0743d132dcf4fa0f2ce4cad

SHA256
a2b5b1f596ca5ac44c8ea60f02bfa6af73093d96af344dba65e404133d320767

SHA512
1c3e94f45d8c0688b1dd4b6eaa9df4458493e4fe5abc97115efe6fc814353910e3ae128b1de3db86eb4abfa4f6de170232a85503de42207bc1fa70afd889f6b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
e2a8dbf6af4eae45414482fee87dd8c3

SHA1
2c18f33b273f7ee6990ec7f91d473fcc25262dbb

SHA256
3be8f9111e7a68c9f3267d4125767b6e6fe8cf507dc072bf987d9fcb849bf265

SHA512
3bdc696e6d8c9e119a7ef590ea0b84a1a404e146c5dffc4784aae146a707499a56485a7523a8f548991c7d3ae23101f77cb33b2f84f035f4c1bfb004c500b05f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ba76.TMP

Filesize
537B

MD5
9d1741a55010a04d729724dcd7c0eda4

SHA1
1fb9ce1bae007fc0d2c6f35964a0820e876ead97

SHA256
320c462a51c72706018bb06e0497665f6dd48903cb62eef6a37f020286b3c305

SHA512
2381fd9da743c5c421b400c27b4d5915362d7553076e65f2ff9c05ec7c35fee949931ed5375676abee6b5f6e391dabb2370645370bdf4cdda1ce669dca153dcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f3b047fa9cb5302cee30786c065d6106

SHA1
b0ccce46f009627da376282d8b6081671946f19c

SHA256
939bdd14d44f8638f24464db1343da388296590e2b05018a12cd3acbfaf8b0b0

SHA512
90552cb29c461988636294e518d8c0890a7c532b78254c12356a3230e55eddb2ddcc65cdf21276cb9fe934196e4b68ef313c921ea18c7261a1898f9d67d43ca6

Download Submit