790386b3f2343797f70c73f21a475278caf36fd7e28bdc6eccc8de1efc7f4473

Analysis

max time kernel
144s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 00:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7039368833bf38734710d41c3c6188b6_JaffaCakes118.html
Size

166KB
MD5

7039368833bf38734710d41c3c6188b6
SHA1

7fa313e5f8da0a2a31013a8bcd2d3e63bf63d26f
SHA256

790386b3f2343797f70c73f21a475278caf36fd7e28bdc6eccc8de1efc7f4473
SHA512

b43728cf5a720f8d58574c843bd03134c37c3fc83df4da93a63ce8d6c271527293b68f7d525855437875e9a7fb563671ee1e20ff71fbeb4fea779f517efaf6e8
SSDEEP

3072:1kXcUaQ/bG4s1sraIptHyBQAJaik0SfQsK02ActrPF3V7Hv:2pGGUrPX

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1144	msedge.exe
1144	msedge.exe
3996	msedge.exe
3996	msedge.exe
1756	identity_helper.exe
1756	identity_helper.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 816	3996	msedge.exe	82
PID 3996 wrote to memory of 816	3996	msedge.exe	82
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 4604	3996	msedge.exe	83
PID 3996 wrote to memory of 1144	3996	msedge.exe	84
PID 3996 wrote to memory of 1144	3996	msedge.exe	84
PID 3996 wrote to memory of 3260	3996	msedge.exe	85
PID 3996 wrote to memory of 3260	3996	msedge.exe	85
PID 3996 wrote to memory of 3260	3996	msedge.exe	85
PID 3996 wrote to memory of 3260	3996	msedge.exe	85
PID 3996 wrote to memory of 3260	3996	msedge.exe	85
PID 3996 wrote to memory of 3260	3996	msedge.exe	85
PID 3996 wrote to memory of 3260	3996	msedge.exe	85
PID 3996 wrote to memory of 3260	3996	msedge.exe	85
PID 3996 wrote to memory of 3260	3996	msedge.exe	85
PID 3996 wrote to memory of 3260	3996	msedge.exe	85
PID 3996 wrote to memory of 3260	3996	msedge.exe	85
PID 3996 wrote to memory of 3260	3996	msedge.exe	85
PID 3996 wrote to memory of 3260	3996	msedge.exe	85
PID 3996 wrote to memory of 3260	3996	msedge.exe	85
PID 3996 wrote to memory of 3260	3996	msedge.exe	85
PID 3996 wrote to memory of 3260	3996	msedge.exe	85
PID 3996 wrote to memory of 3260	3996	msedge.exe	85
PID 3996 wrote to memory of 3260	3996	msedge.exe	85
PID 3996 wrote to memory of 3260	3996	msedge.exe	85
PID 3996 wrote to memory of 3260	3996	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7039368833bf38734710d41c3c6188b6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1ec946f8,0x7ffa1ec94708,0x7ffa1ec94718
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,18189224342917959537,9415082629789426479,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,18189224342917959537,9415082629789426479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,18189224342917959537,9415082629789426479,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18189224342917959537,9415082629789426479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18189224342917959537,9415082629789426479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18189224342917959537,9415082629789426479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18189224342917959537,9415082629789426479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18189224342917959537,9415082629789426479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18189224342917959537,9415082629789426479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18189224342917959537,9415082629789426479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18189224342917959537,9415082629789426479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,18189224342917959537,9415082629789426479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 /prefetch:8
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,18189224342917959537,9415082629789426479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18189224342917959537,9415082629789426479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18189224342917959537,9415082629789426479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18189224342917959537,9415082629789426479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18189224342917959537,9415082629789426479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,18189224342917959537,9415082629789426479,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6444 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
b07ab3a942783d4b33d78b1768ddbe7c

SHA1
ee8b506f989bc27b90c6ec5cde59d0610308bc7b

SHA256
693f5d45ebeffeb778ae1904f014483dc41b0948f767ac4f98574e7e5c3ab741

SHA512
3702a3e2d635aac4a068e9572720613f71a76a45e00f359f2c8fb986473c67aed10b8591b7dc63257e79fe90b52294e3c539a88d6ca667c285209a0662a9b8fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
0c4a8e79e1e8ed890548f920c2d2d206

SHA1
6bbade2a658cc04342508df51e839a1ee843b2d9

SHA256
e572fccf948f78ebc82f16678f5a91ef6de07fbf080db0b1af556805d2e67c6f

SHA512
c3ba82adeb381f71e2f561da24ea7210445941f95cf16279f4ccd90c8333bbb8d98dc0c848dd7b44805298581f793c4c944842134b6ac57b6af1c6f37ae7c0ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d3beaf4fb96621a0daa291e9ae8f1671

SHA1
68f8df9de9c02259f0794e25420ffa403a356fb7

SHA256
506b6a22d05676ca82e5d251c18000ef27fab190cc6d69695555a3ffdff81c85

SHA512
07cb0dd6839a019594e6e7ce9fb8603f58540e62f516b4efc4848d9464be668744ab0429deb1d224e20393c6227e5bc4699177db5f396229e19a8bb1caabd1da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a8a8bf3faa05d6eb31146cdad4b00f15

SHA1
7486199296297c8b48b9e562a13e31408e5df13a

SHA256
cb2a3ea30c4042a60307cdd84cdc451a9434bd0149d3a2da4bdd70dd50d5f870

SHA512
f342949cc1e15047e29d970011121e246829c038fd0bb41849383f5ce7297618504d9442064bc7c34009b15a6da8a24aa396c247056e07477f48756f65b3d367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6ff7f79edbea9f01eb72c1db54ac9143

SHA1
2edca13a61dc55ef02d698d0f96a7b0284ee72a1

SHA256
6cb4dc1ae369816af93989dd86f35fcfa3723335a8c19aa1ab461f834098c360

SHA512
6f7c40d941338d68a3fc5d6110ad9bdbe96becb66293ff7059ab2d6e7e545052be26dc4b0e7230aed878d48acd8e18c8b5558598128f3d5c82cefbc0bb3b6a7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a49713990c15d6c4e84a3f05eabe27eb

SHA1
d4f105461286aa77d4c36ce6f945aa86e462def8

SHA256
97648ecf0070823c6be97d912081a16b23681df281c2e9becfb943d13cf7af0b

SHA512
e77bbcb77a2063f78b0bced3107f5ca4c3be0f6bbeb399eee67f280c9532276d3663150b5b324065d21e3a87913e97bc7c557cad22fe07a71748fde776e66fe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e9162c180f2c49453bce16490d1c41f7

SHA1
f1c2185c6bb0a52b8cbd1ecdab791cadde5549a9

SHA256
023d2b70739a12f43dc89b1d8d1005a77f85d046cf23acbe2de83989ff76bea2

SHA512
4eb34c86889666fd17ab98dfb084bd7c65d93209965c080d52025f56a76d260784a37aa2f40f501c5a0dd4b242e5fcd8c24fa3706057894a2268e663607fe52f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9c422b29f53b7a9eea6f0c18870ad1db

SHA1
34c8ab2c75249386c15b1853ad17e99c0cea08f5

SHA256
3e34f3121dca795004b768f9dc03163455a6b14cd0404f5aca30e34a6f0b2210

SHA512
161b19a9bdc8585c1b275f6304b9bb74087a95e657a9c05d8924bbef817088b39a87a57ae820d00ba8cab325381d6ec3480958b976c9e3eb0ec26e6680f96160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5937cf.TMP

Filesize
1KB

MD5
65a0f4bfe84a1d7d1bbd9aef9d4b33e2

SHA1
d00f8c0950aa3c4ff1c787c19756b085d66dedc6

SHA256
b64bc57aeeaf1c2a4eea863948909946cb734305cf60eba08592cb1588420c95

SHA512
76925caf6e282de58269acb84abc78725bc285c39e8beb593398aebe1b77c887b158146ed13ffe35f0c33c9b5789f9dd7390f6f47cc35a5f5777d72b09cccf66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9df4a1f63ffc867d1e36f6f3fd028de9

SHA1
3413b3963e7b92dea74ea3256325d36e62b0c0ff

SHA256
bdb4007c4f1199b2c66263b87dc07f50cc7a07e4c62c211aaa0f2b5c79640018

SHA512
dfa78319bfda6bd81e04103ef32672028f1e02e1a31f2dda68ba9828d9911e21c8263efc5882896c5ec00ce1b764582d746cca2a71d39209f762979c724eebc4

Download Submit