479cd24e94fe4904033e34af988f8c5d88c960d3fd90781ae773580a7663a331

Analysis

max time kernel
140s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2024, 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b1ce2ecfcad61cfa188245eb3f1c6b4b_JaffaCakes118.html
Size

91KB
MD5

b1ce2ecfcad61cfa188245eb3f1c6b4b
SHA1

6bfea8c7d6f6af77153654d7745697534efa8b80
SHA256

479cd24e94fe4904033e34af988f8c5d88c960d3fd90781ae773580a7663a331
SHA512

5cf05c12320c9e277f1eb98bd846b62f67a89041128a496019ec6b65eb8b3a61d4a82e06ed37ecef8d9ae5cde49bc3622a0be3ed4a62025011fa188b0690151b
SSDEEP

768:pUlkNdjVSnSWN1r8aRwQmBE+Kje10RH/x1qOnmVH1EN/vI///W5gv/0xofDkovj2:HdMbRwDE+D0RHehflZvvjjmXPdB

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
24	sites.google.com
32	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
772	msedge.exe
772	msedge.exe
920	msedge.exe
920	msedge.exe
4696	identity_helper.exe
4696	identity_helper.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 920 wrote to memory of 3688	920	msedge.exe	84
PID 920 wrote to memory of 3688	920	msedge.exe	84
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 2396	920	msedge.exe	85
PID 920 wrote to memory of 772	920	msedge.exe	86
PID 920 wrote to memory of 772	920	msedge.exe	86
PID 920 wrote to memory of 3100	920	msedge.exe	87
PID 920 wrote to memory of 3100	920	msedge.exe	87
PID 920 wrote to memory of 3100	920	msedge.exe	87
PID 920 wrote to memory of 3100	920	msedge.exe	87
PID 920 wrote to memory of 3100	920	msedge.exe	87
PID 920 wrote to memory of 3100	920	msedge.exe	87
PID 920 wrote to memory of 3100	920	msedge.exe	87
PID 920 wrote to memory of 3100	920	msedge.exe	87
PID 920 wrote to memory of 3100	920	msedge.exe	87
PID 920 wrote to memory of 3100	920	msedge.exe	87
PID 920 wrote to memory of 3100	920	msedge.exe	87
PID 920 wrote to memory of 3100	920	msedge.exe	87
PID 920 wrote to memory of 3100	920	msedge.exe	87
PID 920 wrote to memory of 3100	920	msedge.exe	87
PID 920 wrote to memory of 3100	920	msedge.exe	87
PID 920 wrote to memory of 3100	920	msedge.exe	87
PID 920 wrote to memory of 3100	920	msedge.exe	87
PID 920 wrote to memory of 3100	920	msedge.exe	87
PID 920 wrote to memory of 3100	920	msedge.exe	87
PID 920 wrote to memory of 3100	920	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b1ce2ecfcad61cfa188245eb3f1c6b4b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84d6646f8,0x7ff84d664708,0x7ff84d664718
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16091710452633338762,130522953113658954,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,16091710452633338762,130522953113658954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,16091710452633338762,130522953113658954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16091710452633338762,130522953113658954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16091710452633338762,130522953113658954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16091710452633338762,130522953113658954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16091710452633338762,130522953113658954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16091710452633338762,130522953113658954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16091710452633338762,130522953113658954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,16091710452633338762,130522953113658954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,16091710452633338762,130522953113658954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16091710452633338762,130522953113658954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16091710452633338762,130522953113658954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16091710452633338762,130522953113658954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16091710452633338762,130522953113658954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16091710452633338762,130522953113658954,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6540 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
67KB

MD5
b4b711f3e747704ffe02b49791ce8cac

SHA1
ac7ce4cbd3c8ee66e3c8d9d209c1352c160c3b89

SHA256
f65bf40e2f0ce993b54772f703f72d53f0fa925457346fa8ec2031879ffa91d1

SHA512
b738deba57337a9147927f7dd35eab7c999dea6d2ff11f57fdc2e5b6f64326028a54778886548ba128a3f03ee333cc9e43de5162d8b578b85c290626577042db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
21KB

MD5
c3a1bf5fbff5530f55ad9f9fa464f25c

SHA1
449a621b775cbe1d3ab69c54a0e18c0ccf6d6caa

SHA256
4ea6b3a39d794db93d1084770cc340272f8e5ffd5cd8d0c05c1f5841e5dc13e0

SHA512
75aa617b33be2eabe9f67166d14939d58abdb2396b9911dc7ba612130d2ba9adfc90a3cc9b6de4dd6cf8731c90f2ca74b7f9cfaf4a9d0bcbf90d03c907e45a54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
e8a03b3d6f6d49708c98dd2aded27b8e

SHA1
9099f2b543179a3f41619d93288bd654c36b0024

SHA256
6527abf003b320d97ccf3ea6ebd0651c06a50291d6b184e180efdbc4b42bafce

SHA512
07e955ef290549887ac372638c18cb84f285f2a908232c787050d533fbf47820c8882ebdf357a2af09f84e874fee0ec9503d71d0ecbe414aa182d14e165cc2f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
850c8ead6febdd95e831fe6f244e7dfa

SHA1
3877a1651f2f08d4c38cd640e8e976554c73d529

SHA256
c416259eaefad613184e67c181e521700ec80e90f5e712a018ee5cccafb3a108

SHA512
08ded48f8539aab38b4d5b0b19c7fb2aa97e8b8f072a0fe8436efea4968053e7b9ea470add3dd87ff3d0023290f1783b8cc88b9617a435f07e228d6c542b3890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
59936db4277d7fdd27b406aec6a7dd6e

SHA1
503f527bfe1e1d434382358744fe8d7a27225ddc

SHA256
cc20912a013d79053596beb47fc5c1e1b1150f5be4b8df3cec00f8d687717bf0

SHA512
29cafdeea792bd75d2b72100d3793f838277a7c734d46ccc8fee45200545b7d49a206cea213e698cc67bb4145bde7802d0a398b1c7cbca3c1d7f68b2037eb507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
237688ae22bb6ee8d028ae75c4b454ee

SHA1
c8ac75b6ba0775a0386bbaa8e0c32138b21f8e84

SHA256
a0459f15b043e8669f991cb7605e7d15a9fb53dc970693c55641a25a5640acf3

SHA512
4695bf21ee28518561c8dbaf294db9dd2442a343c02f7d73d44f5b2b74b7c447308fa2cde17cd45acc2659876266ee7eacba78a2db06510184312a83a6c79329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6ea6b25bfed87f4478e6cb33235d2482

SHA1
84548000e50fd83f95c727cc39b3bde4c79ed5c3

SHA256
eec9ffa3f74296d498cc8818809a35fab0212ca16a6a148423f801cba7eeae93

SHA512
19f4c7c8058644015b3a9ebc13073f9d714bd82f79b6c6f03432919092980ee636c818666731148f07008f8049e595c5cdd8eabacc1b3490cf9017aa0f216c90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
1475e952063e39b185788e63f7744dbc

SHA1
059acbada8904dbaf2a01838e22df4caf0d95703

SHA256
aa569d3dbfc8cbf5c6f679ad8a464209bcd0eb279e9eecd0e73f00c4b7c21e86

SHA512
e51c642dc0f4600f7682c0753eadd0202c8d383948a6ea0f5cb6f7bb4f6a4063b7ac3494c4bfb48e6958e4be1eedb33f0503dcf06ca7185e154b5b9a745c6b2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
649ad33f2366a71ccc889c2d4e8330d3

SHA1
6faa393a0a90d30dd05170dfb3b6a097b7715c8d

SHA256
9aeecbeaa71778e62fa862c89c82b0eceefa283d9de380500d7e75153872d6b7

SHA512
2c836babc9442f7285d85db4076e13d246f186339b3ab5370a87a11f4dc50e1b9dc0665c7eeff4f56dc0cc9c4a1bf80a994beb4eaba1a336b37ce69ca2cd5492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58506d.TMP

Filesize
538B

MD5
3c4f5151caa7638266d8f2feeabda882

SHA1
49ed881d81f1c9b7d5418ffb8a0021dcd0e18b33

SHA256
9e7efac42c8bd0b8187a142e4d24b9e1bfff4e206459e40f7970472ac8a95abd

SHA512
f41de0c00ddd387a295caffff24cfd72754c9b0f050196869f664466d942f022ea3ce1664c3cdca73d900dc95c4bd97d3879d332fb7bd37e2fcebc8c3ba9b4b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bd9f8001-6a05-482c-9bdb-3ead63a5e4d5.tmp

Filesize
7KB

MD5
849cff86c0e5bedc14a2d83b821aaa4d

SHA1
123cef333b715d3fc38ca41eb487d97e26b813b5

SHA256
0dd16ead40fb97d965fc9d42e83693c7a118ad1acf000c80f6cf54e0182e68fe

SHA512
5fd2e3e6ce5bb3d60d958611daca3597315ac1be841bb5bde667750523115172525a9024c9caaedd73fb9b4618dc092c0c74e8975604a472a346e683711f38f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e27cdaa2-a80f-49c4-bf9b-f7330e4f22d5.tmp

Filesize
2KB

MD5
5673b70e4fdac19cbfed349b12ea111d

SHA1
e5ee3377b61ca4cf5687fbb013192d670d50176a

SHA256
4b41011b6dbc96d811870fbbd511939aa91cd54de2fcacf13330c38cf80d40ce

SHA512
24871f619e974102aabab049f83fd521204594ce88e5f0b4852a28927a1317f89209bfa25c83cf06e62ccf3d276c56c19ba22465bb2f5ed09273ab1a3ede43b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e9b5c20a-6f04-4f8c-95c7-302f40f468af.tmp

Filesize
7KB

MD5
63ac4d1baced090ed1559bf7d5a0df89

SHA1
9cc8cecc5f44a94369051e967fe92f5cf634bf42

SHA256
d7be7399e6e610d7ea07d7c16116f297aa49215fa0e8f62540bcfdc50adec0ec

SHA512
d992c6531be7d9c0f7f24777fe1911ef4404c7cd8c5124a2ab5fab500a4edb20951eacc02af75286b9dce0ba79de4adafc433dea3265efcb32ac35357e24b202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b3fe44e7-d1ad-4130-a84c-bb51fbc8e6b4.tmp

Filesize
10KB

MD5
40f41403e60aa700a73aa0ccdd04fb8c

SHA1
b7dc946e0ff63cc898e34b76b97bb9321cfc96d1

SHA256
a03e15dad729a67f6701bd188f89b219485ef99c1c80689f93a33bad3ea1b24c

SHA512
da44b78378637241e0d334c104137e2aff76a5cd01bd8837a26a07fd5a02e2b4f199a09f5d3d5ca20db10c2e037b8a4557de502560448e87069ee1e4f2229142

Download Submit