3fe9345cf5940145a1889d1347b863573034fe9a6749903e2fca42f8ec618b21

Analysis

max time kernel
137s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 05:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0475d14b0476d347fc1c476a8f12f606_JaffaCakes118.html
Size

95KB
MD5

0475d14b0476d347fc1c476a8f12f606
SHA1

6238a11bd20726c91f90ddd16c2ce5fc97711e29
SHA256

3fe9345cf5940145a1889d1347b863573034fe9a6749903e2fca42f8ec618b21
SHA512

8c2546810a056564b84b78581acc47603ab9948bb17d82f1410fd6ddc0cc15848e75c99649def5da9b66cbbff3a825077a61d08a975e99836c57ad30b60f31eb
SSDEEP

1536:mux8iWQI9Gth8Me8keYVeUyeI5ePIPYnDzrnsXoaAAfab9iHN78Sz:L8iWCAAfaxiHN7x

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3888	msedge.exe
3888	msedge.exe
3336	msedge.exe
3336	msedge.exe
2560	identity_helper.exe
2560	identity_helper.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3336 wrote to memory of 1100	3336	msedge.exe	82
PID 3336 wrote to memory of 1100	3336	msedge.exe	82
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 2544	3336	msedge.exe	83
PID 3336 wrote to memory of 3888	3336	msedge.exe	84
PID 3336 wrote to memory of 3888	3336	msedge.exe	84
PID 3336 wrote to memory of 3412	3336	msedge.exe	85
PID 3336 wrote to memory of 3412	3336	msedge.exe	85
PID 3336 wrote to memory of 3412	3336	msedge.exe	85
PID 3336 wrote to memory of 3412	3336	msedge.exe	85
PID 3336 wrote to memory of 3412	3336	msedge.exe	85
PID 3336 wrote to memory of 3412	3336	msedge.exe	85
PID 3336 wrote to memory of 3412	3336	msedge.exe	85
PID 3336 wrote to memory of 3412	3336	msedge.exe	85
PID 3336 wrote to memory of 3412	3336	msedge.exe	85
PID 3336 wrote to memory of 3412	3336	msedge.exe	85
PID 3336 wrote to memory of 3412	3336	msedge.exe	85
PID 3336 wrote to memory of 3412	3336	msedge.exe	85
PID 3336 wrote to memory of 3412	3336	msedge.exe	85
PID 3336 wrote to memory of 3412	3336	msedge.exe	85
PID 3336 wrote to memory of 3412	3336	msedge.exe	85
PID 3336 wrote to memory of 3412	3336	msedge.exe	85
PID 3336 wrote to memory of 3412	3336	msedge.exe	85
PID 3336 wrote to memory of 3412	3336	msedge.exe	85
PID 3336 wrote to memory of 3412	3336	msedge.exe	85
PID 3336 wrote to memory of 3412	3336	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0475d14b0476d347fc1c476a8f12f606_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf28c46f8,0x7ffaf28c4708,0x7ffaf28c4718
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,15366323944072973519,12366168908375532643,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,15366323944072973519,12366168908375532643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,15366323944072973519,12366168908375532643,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15366323944072973519,12366168908375532643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15366323944072973519,12366168908375532643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15366323944072973519,12366168908375532643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15366323944072973519,12366168908375532643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,15366323944072973519,12366168908375532643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,15366323944072973519,12366168908375532643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15366323944072973519,12366168908375532643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15366323944072973519,12366168908375532643,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15366323944072973519,12366168908375532643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15366323944072973519,12366168908375532643,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,15366323944072973519,12366168908375532643,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
dba2cb6bd2fda8f2ec8d5dd47abc679f

SHA1
854672f07715e4f9a912e19d4909e960e221da54

SHA256
d4683904cd03464aabe512bcff66fa5514ad64e615fab39975dd401808dc4877

SHA512
bec89f59cf5d551270659b826ffddb8e2ddff912431267c34a1354b4f9eff740f9dddb2c8a89f9ce216343ae8303183fd9ffa6bb87e7d37f4c3f3c5a9f3ba67f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
cecda2584c5651c931d931a9cba50292

SHA1
eee43ab568948517c96526ab56feb9f1e04d2258

SHA256
3b00be95548b18302a8ee0f3a6004a87d6c92f44b71d7c422516455110bea072

SHA512
912aeb56204ea892fb47c6574133199f312397ba4fd98a4f54e4666d783e40ad904eb2603c8fa6e6348f105eae3aef58fbcd0e7919129d408ce56fba550419e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
30e617c3d63346a7f9621d4f63c41e66

SHA1
625d55ff88dc6dc063ec9c90a851acccfd5e2be2

SHA256
8684c243fe3472b493fd1057d0370f3f3f4e40d902abf6121e6cd48f18b9ce51

SHA512
8b149664056898021139b089793636e894765b05897ff92dfdf845cf1ab9affb1f2d1dc16289177dfcee76816c2f166be6f4d3d4471003d7bbf1264ff2d5ab93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
488816d14d6cb71f43ee765d387ad44e

SHA1
022d098dcf234710d35dbcc20aba8a247decb493

SHA256
b273f23ac3c128c45e8b30bdb7ba25d464b8da01929d5f21733bcd49877f6380

SHA512
7206fbc32f88bf157a36d9d16761110c90d8e7078e012354546c152f5e03d85dfcf770cb0ed0e8b1ade312df417eccdb6adf588a6e52912c4d07fcf9615d0e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce30eaea69719fb262de055513c13d75

SHA1
eae72be7770745b091552262d65aec581a527004

SHA256
a076f595f5a1732790b6271e4475c7b3ed97a91e358b5fe9ab52ade3a9c28841

SHA512
56c4cbd5ae1b37528708083f042a9fa248501361d91cf66c407281e225b6d99c250f1d89d845e6b55d79448dc04e4c8147df938292c33c2c88c4e1072be1d0ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7ab542f5821db4a499e517f7f1dc67b1

SHA1
17c39e9d83e98e8b4362d4ffd3e37a9413afb7e6

SHA256
d2dd1eb345cd6083072e64590b314d61aeed913582ca5c4018bfb94945435e3f

SHA512
c80ac7c544b4e9646ec0e853c2b852f7163d41562a6e53477cecb420feb52629cf0ce45e25485c0739e73e798c9a6ff52142eaff178813de6e9f68fdbeca54be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3d8fab4e5b8975086bc26bf25d4d2939

SHA1
0dc764c23faa0cc4aec688f0a0d02e58c23f9ea4

SHA256
c8d8cc5240ad9419d801611c5b123b95edc0b091ede61597f038f9d58a04dc95

SHA512
2500941bab1c39dc2d005e8cfb42a2e37b9802ec7c3272a96ca8033b97a9ce842eb639ed9f6059c68767ba8ea93777f2f8cf836ce3e9b47ef91dd1a64c7b4514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
378f098de634f0750800400be6b765ef

SHA1
1a2433a743b0725488a88251bc0419e2782a1d71

SHA256
13e6a927feb75919510782961fd833eeca5857d0f481dff59843cbddc2c3ce9e

SHA512
118ee075bedf45cd5279643715dec822d7467cc5b9ec593b7cf16f58ea400a1c334d17cd719b8eaa73aac4765c915fd03f25a1bc27b982b3668c76ac9f5e0585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5800b7.TMP

Filesize
705B

MD5
2124a8be0a484a2e004de1c9df49e445

SHA1
a3577c8c707fff044ff96cce53fdd1c6f486b0f5

SHA256
edf4d21a89464bbfbf85d6a86e2f2ab459b98a0938b726ab9170d075edd041f2

SHA512
f99762122611a4f3f474f24946606ba5a19bb3ae2f9b937c33910518d72c32956cef366298afeb0140dc4395f2e99063c949922e3be2297a148c7060298849c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f96482bea2498aa67422d5382a074379

SHA1
e2f50570f3024cd336d2e880622c5d47daf51508

SHA256
d805f6e350e6f445acd14dba8146338d2ec455012f54556d194aef1f8351cbb8

SHA512
83c0999a1739c276d8f9017c09b2c4e5f6250e0044d4362a696164c3476ebd18652397b8707c05183654b07ab040bf9b284f17553877ad14e6889b3b22b6c6ac

Download Submit