742dc9b6431ad57e660b9b321fde273fe70233c7418740d7d4db46837c61ead9

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
15/06/2024, 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

afbad13a0c7c64c3ee3d9cbd9eb7f6fc_JaffaCakes118.html
Size

312KB
MD5

afbad13a0c7c64c3ee3d9cbd9eb7f6fc
SHA1

85219ac99bbf1cae36bb2b2807e34c947c7294f6
SHA256

742dc9b6431ad57e660b9b321fde273fe70233c7418740d7d4db46837c61ead9
SHA512

d4125963796a086fea9cef40d20fd1889376d2bfc2783d4da890cdd28018263d3dcfacdefffed2d5ecc88ac1763b1677acf288f7dd82be4b3d01152245450906
SSDEEP

6144:+XH+Xg9ah4RnSLfReleXcV9SgRL29gX11lBdS+1SrTqbq+WvvRWTmHzkpkENcgE:gvE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1952	msedge.exe
1952	msedge.exe
3620	msedge.exe
3620	msedge.exe
1548	identity_helper.exe
1548	identity_helper.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3620 wrote to memory of 4308	3620	msedge.exe	81
PID 3620 wrote to memory of 4308	3620	msedge.exe	81
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 2216	3620	msedge.exe	82
PID 3620 wrote to memory of 1952	3620	msedge.exe	83
PID 3620 wrote to memory of 1952	3620	msedge.exe	83
PID 3620 wrote to memory of 2256	3620	msedge.exe	84
PID 3620 wrote to memory of 2256	3620	msedge.exe	84
PID 3620 wrote to memory of 2256	3620	msedge.exe	84
PID 3620 wrote to memory of 2256	3620	msedge.exe	84
PID 3620 wrote to memory of 2256	3620	msedge.exe	84
PID 3620 wrote to memory of 2256	3620	msedge.exe	84
PID 3620 wrote to memory of 2256	3620	msedge.exe	84
PID 3620 wrote to memory of 2256	3620	msedge.exe	84
PID 3620 wrote to memory of 2256	3620	msedge.exe	84
PID 3620 wrote to memory of 2256	3620	msedge.exe	84
PID 3620 wrote to memory of 2256	3620	msedge.exe	84
PID 3620 wrote to memory of 2256	3620	msedge.exe	84
PID 3620 wrote to memory of 2256	3620	msedge.exe	84
PID 3620 wrote to memory of 2256	3620	msedge.exe	84
PID 3620 wrote to memory of 2256	3620	msedge.exe	84
PID 3620 wrote to memory of 2256	3620	msedge.exe	84
PID 3620 wrote to memory of 2256	3620	msedge.exe	84
PID 3620 wrote to memory of 2256	3620	msedge.exe	84
PID 3620 wrote to memory of 2256	3620	msedge.exe	84
PID 3620 wrote to memory of 2256	3620	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\afbad13a0c7c64c3ee3d9cbd9eb7f6fc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6fcb46f8,0x7fff6fcb4708,0x7fff6fcb4718
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2279875301371793137,15759559142695425135,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2279875301371793137,15759559142695425135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,2279875301371793137,15759559142695425135,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2279875301371793137,15759559142695425135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2279875301371793137,15759559142695425135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2279875301371793137,15759559142695425135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2279875301371793137,15759559142695425135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2279875301371793137,15759559142695425135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2279875301371793137,15759559142695425135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2279875301371793137,15759559142695425135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2279875301371793137,15759559142695425135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2279875301371793137,15759559142695425135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2279875301371793137,15759559142695425135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2279875301371793137,15759559142695425135,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
bbf9a21c33ded078bf17eafb5cb631a5

SHA1
fa1a55d46cfd361669f1c88655a4d76215a5a7e9

SHA256
dbd30b908ac62b343597537d5315dc700dabafd90dacca93fd484172a54d432a

SHA512
00b15358fa3d4c32c3fe6838efbf4123ac4f262f290bbdadcb9e53fb1893dd7815d0cb79149a9fff937061b354adf2cb22101543d5c0e315b5969b06b1b50e44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
00201ee317531a45587bccea20e2862f

SHA1
73284711dbf981840ffb48160c455d5b2c163c86

SHA256
2ddd8cb726bf4ba9f05e9025790a72b12de3ad57637378bc0450d6d1d47dac8b

SHA512
22b18345313310612bfee4aa92adf322c2a81dde0cce344a1aea73e583b3bb29e6cc7d27a537a6abe40b6cad1e6589dceee97d2185e3cc45f8da3380834c1fb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0e1e5c3cad8142438eb0ad1f67707578

SHA1
bb8dd0d5fa01eb8aa31feb4b19c560e5a8d2b57f

SHA256
48571c45b9786242d26468058bef37877b5d9dd9ff5a7fa60e12add64910bafc

SHA512
35417642e43a5dc5551af552f662c3ff87105e1989ca262cbdeabe1af2842444e052bafddef9a421af372e87330693604eed09c938a0390b57d3c105e4d38e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bd9855288ad6143fdcb150753e560120

SHA1
6ecdb56bf6deb0dedad0e510813d3bb9f0291d5e

SHA256
0bcf871935ef548b9f91f018ed94630594bae081ebd28b5d716ae7574e98d270

SHA512
0896993f06e5f984a0dd029c759e7ebc200bf77c212cc3631ad135df3d466b842dbadabd0469f19458bdd0705e89c8b06f16fe488e44c5cb5786dc8f039cfdbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
48b3080ebc3a62c4fc29cbf6179d2a60

SHA1
614a3eb7602052f2b28909cf3c96cb53629909e6

SHA256
e39b0ac5110130c590be85f38ec2f6e6019339f5efd53e8f1bc93b3ec57fa032

SHA512
7b5087b2ffe1e84394cde96e5c76678fa9adef9a3d5db78cbe8e861aca5aa45e82b918a1f4345fd4cc86b28850ec68cd3ba00ff6c15e40b5c2a446b96b9b0a7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e27b4c5b7e1a2c2590d49d4001815f99

SHA1
693b5e031f648e3d5bf605e99d5cadfaf9c1af62

SHA256
4387b400a8232ba1793ec36584cf6226bff4a45b589d35f7d1e7b71de5c19806

SHA512
234a57226bbcbe3b0573bcfd45716fae8d29eb7d768b3eaf5de36db28fc9dbb891df588d6ccc1c71fb837b5d39be146566fc9c93d6999ad300e8c9fbf5a77992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f2c5779e049c6f4d678cee11f2074434

SHA1
182c616134d7bde1867110dadf62e9bc2deade73

SHA256
5fa3f899b80699484d4938dc6aaee967a8f476ab6210efc9ffd944b576f4e79e

SHA512
471ccdbd8744cf7aa297e28afde9ee69f7422bba5257265b03a38b7b07c43944d4bdd7410c3430c4dab93be6c07879de6c2fb5821d7591f4a1d02a67cd71406e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
f492b77b8eacf33ab2c51747d7f124de

SHA1
7f37ff57f114ca350cd61f32e352d7b5cfdb8d2e

SHA256
6e17a39e8b9506954183e02a1687970c1f95c747ea5871b7a1993cf2134ff6cf

SHA512
80c1da140ff3e22accd81e5bb8374c51216259be9d9d256810b1548444d9128c407daf02505218d3e2175881a228367cecf1b05595489dda1ea2e674e6e2a663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b4c9.TMP

Filesize
203B

MD5
2b42466fffa7165a6e514d5779ec069b

SHA1
372c16ddc10b0d2be445c0b0fcaff73a68ebb87d

SHA256
827d75fe0819f7904d38bef2da2116502aac99700f3cbfa89aa91fc184839519

SHA512
584f1a93d92b44791c3b39469ea75501526a4e3224aa66e11da95416b402c4e66e491e531c514f9aeaacad207ffe028a414a277816e55e8f521660955dd752f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
12806372d680311ab035b394f328d9ca

SHA1
3a3181e0970f186415f7dd25ef8030f68e212a62

SHA256
3be90643802927231ef9a9250401eb0ca9d840128cee16bcebb47975e4812aa5

SHA512
28a393f2517ee320ad7ffef7de33a183bf39c914e882e499052bc224c69616561f8e09d2878b9604b54152d332a8a967c9fcd3babff06b0f8d1ed4fe450d704d

Download Submit