687e0d1ab2db0063684688b73220a3ac97d0798e36cd185640ac0a9cd4036aa6

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 08:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

394be73ef830040a2104fdd063366bb3_JaffaCakes118.html
Size

59KB
MD5

394be73ef830040a2104fdd063366bb3
SHA1

1d7da239d7b3540d896b2185b1945132b444f87a
SHA256

687e0d1ab2db0063684688b73220a3ac97d0798e36cd185640ac0a9cd4036aa6
SHA512

9424a7d5a5b4c1f15e599962e5732aa5beb4188f1a23104e5dd8a1978a876dbec54004f3cf746842c34859011c4bd596357fdcbd65964cfbbe7a3b5c4e89b8a7
SSDEEP

1536:etXEfPkj0y5q/ZX+v6OqPARv69Cqq6anWQG7x3S6ImefH9tkgSQ:e36Wz69CUanWQG7xi6IpH9tkc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2848	msedge.exe
2848	msedge.exe
1912	msedge.exe
1912	msedge.exe
2708	identity_helper.exe
2708	identity_helper.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 1960	1912	msedge.exe	83
PID 1912 wrote to memory of 1960	1912	msedge.exe	83
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 1008	1912	msedge.exe	84
PID 1912 wrote to memory of 2848	1912	msedge.exe	85
PID 1912 wrote to memory of 2848	1912	msedge.exe	85
PID 1912 wrote to memory of 4252	1912	msedge.exe	86
PID 1912 wrote to memory of 4252	1912	msedge.exe	86
PID 1912 wrote to memory of 4252	1912	msedge.exe	86
PID 1912 wrote to memory of 4252	1912	msedge.exe	86
PID 1912 wrote to memory of 4252	1912	msedge.exe	86
PID 1912 wrote to memory of 4252	1912	msedge.exe	86
PID 1912 wrote to memory of 4252	1912	msedge.exe	86
PID 1912 wrote to memory of 4252	1912	msedge.exe	86
PID 1912 wrote to memory of 4252	1912	msedge.exe	86
PID 1912 wrote to memory of 4252	1912	msedge.exe	86
PID 1912 wrote to memory of 4252	1912	msedge.exe	86
PID 1912 wrote to memory of 4252	1912	msedge.exe	86
PID 1912 wrote to memory of 4252	1912	msedge.exe	86
PID 1912 wrote to memory of 4252	1912	msedge.exe	86
PID 1912 wrote to memory of 4252	1912	msedge.exe	86
PID 1912 wrote to memory of 4252	1912	msedge.exe	86
PID 1912 wrote to memory of 4252	1912	msedge.exe	86
PID 1912 wrote to memory of 4252	1912	msedge.exe	86
PID 1912 wrote to memory of 4252	1912	msedge.exe	86
PID 1912 wrote to memory of 4252	1912	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\394be73ef830040a2104fdd063366bb3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9d0c46f8,0x7ffd9d0c4708,0x7ffd9d0c4718
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10794179119726039666,12326449149662791260,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,10794179119726039666,12326449149662791260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,10794179119726039666,12326449149662791260,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10794179119726039666,12326449149662791260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10794179119726039666,12326449149662791260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10794179119726039666,12326449149662791260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10794179119726039666,12326449149662791260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10794179119726039666,12326449149662791260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10794179119726039666,12326449149662791260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10794179119726039666,12326449149662791260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10794179119726039666,12326449149662791260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10794179119726039666,12326449149662791260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10794179119726039666,12326449149662791260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10794179119726039666,12326449149662791260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10794179119726039666,12326449149662791260,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4912 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6cdc307a-1b70-46ce-9358-d613e6636b72.tmp

Filesize
5KB

MD5
f46f0b2a2890b5cf1f0dd77b3f9ce370

SHA1
6c7dfe8458ce2d7e557ef652c2960fdec7c52e4a

SHA256
3e6f1c0ffd5f61171c8f160e7afa44ec73467fe634413c6f91f1efb6daa361a8

SHA512
5b53e07cdba8c3a5cd13ceae01c0449d17416f53985ec4d07605abd1a8d97034712ecadc6ff884233a68dd78d3cf326bb525d7bf86b4a98b2932949a81ba203f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
7c95de3656ad5c849e3a13263e5ae5ff

SHA1
6c0c2ba7eabc542e26338ac87bb2917d4c79e8d9

SHA256
de15580133e6e20bf3bad2714659a77f52aded16990ebbd7ba2bdfa182438fdd

SHA512
c268da3f5f047e4055f9eb341594d507a9120620c8ba359030fb618f88d9583716a6e3428407b64214a48da0cd1b5a091f87910a1011e6a7972fcfab7c04d119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
309757357e17b30830cd55347bf42187

SHA1
7a7f1499f6032260e0f868fc8a81f963a0583619

SHA256
e750389bd00546f4f1ff1d0572886d6ed6f6c2d498ad57477434d0cdb2711143

SHA512
dd493762eab39f1a73caf9a2c84adde49add7050bfac1ee6e571293d8795ac566686eca8e8af57335a3716b3e06e26ecd1dcecf3c3a9ca7314b88b8ec00ff8bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
8e516661697149720729ac3d3287e15f

SHA1
b65fbec4c689347180f598da5dc0059cf43e2d64

SHA256
2c3b3c64d51c67b0d86a173659a0e4a8c45c9ad10d8746ee46c80b76412fe6b2

SHA512
cb958685eae8e42bebcb7a8fed51b3657da13f4200ebf4dbdcbef272aa948dfd2334beb3684b5df587725ca5ad2f5e183914c9482c26f69408ad07e770e7c13a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f2715bdcd7a635cad9e52ce879ff6cf9

SHA1
26b5801b39a887a9faf0ad90f705ae3d8092f1fc

SHA256
3925a2e1328c388f8b01535593ba8d61385c27e7aa8794e17da5a795da352e8e

SHA512
13a6197f8aed0ff398630b174e4f21828473078b1ad7335d93b3ab9e70636cd13c4e8ba5a73a03bd9a1bf28f276d8a3e2ae0e2335539ae77a211e0f69db86fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4b216884cdad156b62573240253de4ef

SHA1
9f22dd3966650eedbffc669aef63663444d1a499

SHA256
88dd2a34737a054a8e3544924db6a5b971a046a61f907983963c55794550d727

SHA512
439bbc802870ccc2d7c51b1d3f03db42154dd3027f989814eac5430f8a2cac8470f6e35f206e0b34365b1cff3c55d77862f65c0dc9aab282410603a2c0cc86bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a4a2479bfbef0cc5402d99620c91fa05

SHA1
b9a2cb1df7b66e283caaab70708778c6aea957c1

SHA256
604e490eeb7c15888544667371424de38bf862898ce6206d89dd0003dbe4228b

SHA512
bae8f7ce049aa02af92abc364864d87d699b178b1d2e3a4e6073779eb57446ab3484a159044a5ad7887ceaf17619a6dc6e326467a4a65971f62e44ee91d14915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6a2a277e61694afe8b926258a87cdf37

SHA1
bc7f256233f6d9c332c4a0ac8a172187841a5569

SHA256
d550c98485d40b29d9a99ed2c60e3001e1f5b3e168105b32de6417727af5dfbd

SHA512
508702d164ca57840fac57b0a01deabd763ac47f2e201e1d22af56501f57cdbf51223b6dd17fb6e1f92268824abc52545fb91ab0f87955fa29f5758de2efaaaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b71b.TMP

Filesize
1KB

MD5
09ef3f8adf0c152d1b26772f429ae405

SHA1
82e850ea8c801d4ce06e150af75c72661f045cb5

SHA256
857e719bbae467c609b6d45217ea6f8609e338389d4ce05d8fa7e939db278ea7

SHA512
0a2b939cef63f04e0b1d96390203c358aed068fe95af02f7533f942324413e03ec6906bf2eac255f769218aafca8d2236ca48fa3611bfb22ae26ef7b2d0fd814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c215aeb8-2d54-48bb-a1c1-9f5ee4e15359.tmp

Filesize
1KB

MD5
e25c6cf77b8d51332f90700a38aca429

SHA1
3a4fc024908daa270c16af5226696fa8cb203557

SHA256
f9cebf7c7c32abe61d656adc18143d648e48860b4fe07c59ed7b1c4832d0b73a

SHA512
2a9a56c6473843c1e325a0546f0aed85c0fdcd28eded8489b7c568547122e90faf860b403dbefa6c57ddb148dcd64c6c32afe9ec862e3803b77edbf3496b0f50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9959e28d23c8714618323e28af021a27

SHA1
417d4268c27676607ae4188b295ea7b90d0af714

SHA256
c46bd7d085b86ee4cc7aa4ca65ad44e1d1ab87fca015da15f6a4bb3a059a665b

SHA512
77874022a1c56bab58e4f8ad471a8338dbfc856ac70110b4cc1a1c75dc980b21f542cc134170e06154511d56d335b7a1433b9a54dbe1eeb3c64c5335966aa81f

Download Submit