2a1b63b5f6fd07c560e42cf4c5f0b242dddcfe3c31142fc25091b3311b070f44

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 18:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

14037dd62b6a6dcf645011326897dd7b_JaffaCakes118.html
Size

43KB
MD5

14037dd62b6a6dcf645011326897dd7b
SHA1

2aecfc42d710376ff9d8cd5c1eb92df9bafedbea
SHA256

2a1b63b5f6fd07c560e42cf4c5f0b242dddcfe3c31142fc25091b3311b070f44
SHA512

f1e95ee6c51254e750f968eb890dede6a4ca7608fd50de84aca2fad7e57d6e36255ae5771af4a94aa78a618767d68024133b66163456a60cb269400251967f6b
SSDEEP

768:aarcvaxH7MRYnS+uMiztBmavuM2EehE1JuMMSjum9GuM7qtbbziD07jZ6iD4uwFU:azax7+JC3TiuGl4pFFMMhb4DsFhBsJ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3696	msedge.exe
3696	msedge.exe
3872	msedge.exe
3872	msedge.exe
408	identity_helper.exe
408	identity_helper.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3872 wrote to memory of 2684	3872	msedge.exe	83
PID 3872 wrote to memory of 2684	3872	msedge.exe	83
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 4908	3872	msedge.exe	84
PID 3872 wrote to memory of 3696	3872	msedge.exe	85
PID 3872 wrote to memory of 3696	3872	msedge.exe	85
PID 3872 wrote to memory of 316	3872	msedge.exe	86
PID 3872 wrote to memory of 316	3872	msedge.exe	86
PID 3872 wrote to memory of 316	3872	msedge.exe	86
PID 3872 wrote to memory of 316	3872	msedge.exe	86
PID 3872 wrote to memory of 316	3872	msedge.exe	86
PID 3872 wrote to memory of 316	3872	msedge.exe	86
PID 3872 wrote to memory of 316	3872	msedge.exe	86
PID 3872 wrote to memory of 316	3872	msedge.exe	86
PID 3872 wrote to memory of 316	3872	msedge.exe	86
PID 3872 wrote to memory of 316	3872	msedge.exe	86
PID 3872 wrote to memory of 316	3872	msedge.exe	86
PID 3872 wrote to memory of 316	3872	msedge.exe	86
PID 3872 wrote to memory of 316	3872	msedge.exe	86
PID 3872 wrote to memory of 316	3872	msedge.exe	86
PID 3872 wrote to memory of 316	3872	msedge.exe	86
PID 3872 wrote to memory of 316	3872	msedge.exe	86
PID 3872 wrote to memory of 316	3872	msedge.exe	86
PID 3872 wrote to memory of 316	3872	msedge.exe	86
PID 3872 wrote to memory of 316	3872	msedge.exe	86
PID 3872 wrote to memory of 316	3872	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\14037dd62b6a6dcf645011326897dd7b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3bd946f8,0x7ffe3bd94708,0x7ffe3bd94718
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2065436278023783402,9563331547413600085,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,2065436278023783402,9563331547413600085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,2065436278023783402,9563331547413600085,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2065436278023783402,9563331547413600085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2065436278023783402,9563331547413600085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2065436278023783402,9563331547413600085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2065436278023783402,9563331547413600085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2065436278023783402,9563331547413600085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2065436278023783402,9563331547413600085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2065436278023783402,9563331547413600085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6920 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2065436278023783402,9563331547413600085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6920 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2065436278023783402,9563331547413600085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2660 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2065436278023783402,9563331547413600085,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2065436278023783402,9563331547413600085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2065436278023783402,9563331547413600085,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2065436278023783402,9563331547413600085,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4676 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a70f1bd4da893a67660d6432970788d

SHA1
ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

SHA256
c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

SHA512
26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbe1ce4d182aaffb80de94263be1dd35

SHA1
bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

SHA256
0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

SHA512
3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
46KB

MD5
b322e56a86b24d52ba6c2a10614ce78e

SHA1
9a990a198453af55e2c86f8a85ef6eebcb296f4a

SHA256
3df48c3c951cd9bde194b92d644cb82eacb0ea91d01761fbafb645c4462b816e

SHA512
0aa6f828d3a3472325651075887379ad159c348c4399b10e0c3b2556d52f879e1f57b4e8a80c77c1845653d0fa50c8b228c5ac684ca70b79b98c245e4d38ebe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
27a8867d4a8f603d913849954fe51faf

SHA1
0c73c57a29bbca9b58246a08dd2f47e5c2ec5ac2

SHA256
02c443a6baa989d2c22cf218281b5e8f4c3c763cba5d89be37dff833bd684582

SHA512
7c306c92920df0cca39621cdf37691c5b32c5541653b5d4503bd0444c3fe9483c5aacdd0cd84acf0d3edbdea48136475ffa6d8682f02d592362f98e9b24f42e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
b2f213901d4ff038d150006efd8cdb00

SHA1
5e9e9b81e59bb0f85d0b96afe0886484165ab5f6

SHA256
c4021501d1b6feca79c943c21394ef99949bb25b5750066b196071a4544ed0c6

SHA512
7b1b20965ecc8da1c5c925cbbe689a6a65b9e048a3f6cfb741e980593bbae32e1a09a67ac026312b9e3c098a5ea2712c8bff2b44b7675b8ef66089eea72d98ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f4d453e534afa24021e20e84bcb68194

SHA1
1294b98a97851f1f0cc47033722ce85bf5bb1035

SHA256
4c7408cdaf017de2edc625a922034716fd0c25f14f2246c93e9e765f1b76a207

SHA512
396d7eeaf47ab7edd9a7054ce1fc0bd189f141b3afdffdd94c87162b83e15d9948f1691216dc5f92603554950c2eb0fbe7431e976cba7f1ccb7028a52d72534b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c7d7e62bfee52c9e3e8b1a617a798130

SHA1
e4a46b123e7da69260fa394f11da502cbea4237a

SHA256
168699634323f1f3e995d9e34d14ebceb7aa86b19ec084e4101033c135c44c41

SHA512
7a512122289b4f58f525bb20f160c3ab800c95ad6c636caf9654a2bdda6f09c1276acbe5b0a30106d62c767c2e9493c525b81612ddfcc071959a43c1d44df388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3d9f7bc0240dfe389a958cc6b4423d0f

SHA1
a3e000a62d02ea0081efcc67792d554b19492417

SHA256
44fb89810cd92b32a7987b91c43c9c5e9071c7f5be35bd8ebf52825bb29dcd6b

SHA512
57414e38c353b8d221a1708c753232ad2073ae29870d9efabc271b90ceb416732104d761f70910c10c4a43a999cde4093e361aad45f8eab153afeea7afc89324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ef91a03d2a9f1cd0442929e0f4a8db8f

SHA1
a40c77b0d8d864a667d6b5899c678acafb34c16b

SHA256
210f1b3777a6d33f07a8033703701bb782268ee8d352d64e1bdf5062a1e0a638

SHA512
86d96084b93b9827d8ead8d428140dbb28d1c1449ebb72ed13bba3475aa7fb570d32ae7aa702a8a0722b29691115f0372453f73eb96e942df4fe02871fa36d4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
abb7bae95d86bf5b93f915a2cc06d572

SHA1
8172b628ed9fcc3b3fcb971f0c4d85eef2d773ea

SHA256
c115c3b34442c5ffe5c6a431015b263b664ae46b728b8b56f561d0153ece9009

SHA512
7de473360160a3ebb3405c824f581d9795710a3ab011ab9a7a38582e974dadd6f9072848e2bab0523b28f63f0c31540d6d936d7be0e4ec6168fba663ddc9da09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c6bb.TMP

Filesize
204B

MD5
5d95124a7f0c9971a3c52300020ba8c2

SHA1
fad09f8ae60b3ad868f51eecd3b2d97b6ff489db

SHA256
4f800dc83b5567530dc24ef9765165511b9abc6acdc9eb83b814f5ea82eeaf44

SHA512
2da62aa784c1a4badc10d44028cea918052fbe85d4841c85ece4ab6ed59262588f9bf7ca20c2ec3ad6b64c3192d57e2d871149518a53d2c35dc2f4a669689da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
040dd0a1d4bdce469c372ff047f0ddec

SHA1
6e0d01364b629fd0da6faf6ec9d62df8af4dec33

SHA256
445335f1e8445550134ef9f4375c9b70f90337e6ab1425e816ad4fa41b933b34

SHA512
69297770fcef2af13d1ed268b0447774c89f21d0375db266324a487bdc27052ce56ed3d106882ecfdab8903f504840857573fc747a7332b4e26313804d70c7b3

Download Submit