062bf094865566c71201fd0e9ad5533af69209b51e356f837f5a3fc63b2fd5d7

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/12/2024, 12:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eed7a454e530b4a01e858baeec510732_JaffaCakes118.html
Size

223KB
MD5

eed7a454e530b4a01e858baeec510732
SHA1

00d7797a34bb47761d0203b6d2c0ddbd58caca89
SHA256

062bf094865566c71201fd0e9ad5533af69209b51e356f837f5a3fc63b2fd5d7
SHA512

3b5478cb3c5dc934f7f9c083a1b59be062c2a2380cdea59b581a89bcfbaa007069435df854443d22b8213c87d4adb937848e6ce6eecd6714e82ccadf331f0994
SSDEEP

6144:Z+RELVzhXkA3d8VZQvzwV2lms5JBpknvjXGXgcHhEKQV:oRELVzhXkAN8VZQLfh5JBpknvjXGXgco

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3080	msedge.exe
3080	msedge.exe
5048	msedge.exe
5048	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4724	identity_helper.exe
4724	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5048 wrote to memory of 1920	5048	msedge.exe	84
PID 5048 wrote to memory of 1920	5048	msedge.exe	84
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 1564	5048	msedge.exe	85
PID 5048 wrote to memory of 3080	5048	msedge.exe	86
PID 5048 wrote to memory of 3080	5048	msedge.exe	86
PID 5048 wrote to memory of 5060	5048	msedge.exe	87
PID 5048 wrote to memory of 5060	5048	msedge.exe	87
PID 5048 wrote to memory of 5060	5048	msedge.exe	87
PID 5048 wrote to memory of 5060	5048	msedge.exe	87
PID 5048 wrote to memory of 5060	5048	msedge.exe	87
PID 5048 wrote to memory of 5060	5048	msedge.exe	87
PID 5048 wrote to memory of 5060	5048	msedge.exe	87
PID 5048 wrote to memory of 5060	5048	msedge.exe	87
PID 5048 wrote to memory of 5060	5048	msedge.exe	87
PID 5048 wrote to memory of 5060	5048	msedge.exe	87
PID 5048 wrote to memory of 5060	5048	msedge.exe	87
PID 5048 wrote to memory of 5060	5048	msedge.exe	87
PID 5048 wrote to memory of 5060	5048	msedge.exe	87
PID 5048 wrote to memory of 5060	5048	msedge.exe	87
PID 5048 wrote to memory of 5060	5048	msedge.exe	87
PID 5048 wrote to memory of 5060	5048	msedge.exe	87
PID 5048 wrote to memory of 5060	5048	msedge.exe	87
PID 5048 wrote to memory of 5060	5048	msedge.exe	87
PID 5048 wrote to memory of 5060	5048	msedge.exe	87
PID 5048 wrote to memory of 5060	5048	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\eed7a454e530b4a01e858baeec510732_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec00246f8,0x7ffec0024708,0x7ffec0024718
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1856 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:2304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
07d7919795a891800480b7e75ea09995

SHA1
8bdf893edcb185005e9ad08117e54f74934849df

SHA256
618e14abd15feed600c88a9cc6e2404fc71e8fd82b699c0488600abf06c5cd88

SHA512
c2284f0b725e06efe4914b8340e9d3b0971c6ac955529daf6629358f85e8ee17b92e9ff856c09857fc7a9b815039462c06961634013ba1dfcb4ab71039c85077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
535627b7535a983c0397d9b617eebaaa

SHA1
2d8f17613ca5ba09d64e8a7a6e07477892596960

SHA256
a578475450594ffa70f906f921141ac15b3c5bf6eace43fa82216b3ce6be2bb1

SHA512
d5998d5a20ff158b0921010c0e032d6fb538b754d52da04cb22d6746dec638e7a198953682df86f10cb02e8e53abbef35cd978500a791834e00e7bf8282e5af0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4b06da961dec9f975112d211b58c6c69

SHA1
728e950710668cb7c2c226a0888ecd32493be375

SHA256
31f2c7361e92b0869b038cc8f281011ffd41937f4fecd524a3182ac55ab5770e

SHA512
ef81c502a39345c9f4b2f0aebd2ea37e3b29dd73985151071705ac8798c5861ff46d4cf795b9b9a0add15a833da98a2dc1c1e567c7a82175fd040a11dc840058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
02498a3ccf688dcd5939ac6669d6e1a7

SHA1
5ce81d7e833242ade69083c9c5d440bafed51c22

SHA256
7ffa1082594458326490ac53ff273eb8ced299fc5f36f8c139b3d075d76e2009

SHA512
12bb71b6c6cad5cd5ce3b9f61a316123e5a7f0fd8714afdfb4ac968402bc6959722b4403b9c4e49f22d09562b53cf7e20f483e4bcd5c2d4c2d7ad57e8024788a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
428300ff7acc9aeb3f4eba784bb7a19d

SHA1
c76b46f5abe07abd7de80a5a75e54a6d177ba189

SHA256
42c224871c187d8bf81ff60c50fd46470575b3e5746e375f58eb9817dcd1a7c1

SHA512
d6e1191f6eaab198a76cb67741cd154b58f6661253717900132cf462476646a7c1fdf2ff7c0b98078f9b658209aedee3fea0c561ebc2163f4cc548793553b0f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d379b596cef8c0b37467318bd2a8381c

SHA1
1ddf42cb32d61511215afc56d4d71ca649a8e139

SHA256
b1ba1fb7f1839f403c3a618b33c5c5e0e525bcdc829d5d37a91864fa4196ffaf

SHA512
1c5fccc1c297d5e020b8d21c3d208a5cd64bc1d69fc4030892f760b94d26ca84804062e86f0b1d514c1c88541bfd808c8d55793c6270877a31b5df641a51d687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bf9cf486f470239ed2ec8a8dd974e4a1

SHA1
5b7d27b6072bb8acb696ab1f94afff1b67374235

SHA256
4e79e80c2455f25791169b9f302c96f8ca72febc949eae4a6a3e395d7ce5c2aa

SHA512
75bc3a6d4b4425705c7e24724a578ec4ec98e75b32efea9e377a32346bcb8ae63d6bc373c61a8be80196f39160181171263ce7c3ec5c8ad1a7c424d4921d5e55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
8a7b07dbcbeb582f6b2e32cbbe9f3259

SHA1
b338da9446b1fc8af7f123f0043dffb852e49a38

SHA256
dda80ec85c5d60b068dca5520bc9b72c592d0e1ac05626c97442442ba6212396

SHA512
1e6dbc78532ffe95f4bb1260ba4b57377c2cbb3953e2ed6d8fb266a6d21f4f69cc405e18337a8277d8460971a648c505d54bc87b420b3f35b939ef43e40512cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586abb.TMP

Filesize
203B

MD5
11c35392d9f3b17dfef409025d7b9d57

SHA1
2bdbb69872a4b04dd8e85517b91954d9c09af05a

SHA256
bf777871222d303f7be5c972d1b2d058e5a6c4973ac195f9cf006f653ffa201c

SHA512
6945eb4af16325dc9e5ad9ab8b32e174264e5c866f8688b681575a9f7983bfc3ff0961055b8ff9fd6110a9081ca7d1abdcf94620ae971e7e46206cc685734ea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
936579ae02131f0dffb79b75ba9c55eb

SHA1
238168a1b52bac1bc7224c896f7d908fe7a65741

SHA256
ba96792b173df43c2bee069606476ea96672713119b6f329f697435e37dde73f

SHA512
ea6cea1c9c528206bc63ca91f0b86429afaff55334ac557099c7988c0f620311f0d341f4e78158ca6b4762e46b34013810253c29a8a0125ef10cca81a541a022

Download Submit