869144f76fbaad4f04e425aaa0b4b88fbffe3fdd9dbefd470ef6eb9953e45c4d

Analysis

max time kernel
146s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d33317112a159ebb489829b2d9345da_JaffaCakes118.html
Size

76KB
MD5

7d33317112a159ebb489829b2d9345da
SHA1

543c2496d0414e545d7eec37624254091b288fe2
SHA256

869144f76fbaad4f04e425aaa0b4b88fbffe3fdd9dbefd470ef6eb9953e45c4d
SHA512

151844be84df92c3f1a0ac28a1bdd8dfa9f32a382d64a08eabeeb398c2f8614268f107353021dae740a47683048773133b1a4c18713da275f7ccc3dee42a1f23
SSDEEP

1536:Oclm2JpAxXfVBBLCEMBQIRxRhN2VZ/i5EF:fuXfVBBeZxRhN2VZ/L

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4276	msedge.exe
4276	msedge.exe
2504	msedge.exe
2504	msedge.exe
1936	identity_helper.exe
1936	identity_helper.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 1696	2504	msedge.exe	81
PID 2504 wrote to memory of 1696	2504	msedge.exe	81
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 740	2504	msedge.exe	82
PID 2504 wrote to memory of 4276	2504	msedge.exe	83
PID 2504 wrote to memory of 4276	2504	msedge.exe	83
PID 2504 wrote to memory of 3692	2504	msedge.exe	84
PID 2504 wrote to memory of 3692	2504	msedge.exe	84
PID 2504 wrote to memory of 3692	2504	msedge.exe	84
PID 2504 wrote to memory of 3692	2504	msedge.exe	84
PID 2504 wrote to memory of 3692	2504	msedge.exe	84
PID 2504 wrote to memory of 3692	2504	msedge.exe	84
PID 2504 wrote to memory of 3692	2504	msedge.exe	84
PID 2504 wrote to memory of 3692	2504	msedge.exe	84
PID 2504 wrote to memory of 3692	2504	msedge.exe	84
PID 2504 wrote to memory of 3692	2504	msedge.exe	84
PID 2504 wrote to memory of 3692	2504	msedge.exe	84
PID 2504 wrote to memory of 3692	2504	msedge.exe	84
PID 2504 wrote to memory of 3692	2504	msedge.exe	84
PID 2504 wrote to memory of 3692	2504	msedge.exe	84
PID 2504 wrote to memory of 3692	2504	msedge.exe	84
PID 2504 wrote to memory of 3692	2504	msedge.exe	84
PID 2504 wrote to memory of 3692	2504	msedge.exe	84
PID 2504 wrote to memory of 3692	2504	msedge.exe	84
PID 2504 wrote to memory of 3692	2504	msedge.exe	84
PID 2504 wrote to memory of 3692	2504	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7d33317112a159ebb489829b2d9345da_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9303d46f8,0x7ff9303d4708,0x7ff9303d4718
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6146483274929098896,7931164791697652894,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,6146483274929098896,7931164791697652894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,6146483274929098896,7931164791697652894,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6146483274929098896,7931164791697652894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6146483274929098896,7931164791697652894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,6146483274929098896,7931164791697652894,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6146483274929098896,7931164791697652894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1828 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6146483274929098896,7931164791697652894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,6146483274929098896,7931164791697652894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,6146483274929098896,7931164791697652894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6146483274929098896,7931164791697652894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6146483274929098896,7931164791697652894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6146483274929098896,7931164791697652894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6146483274929098896,7931164791697652894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6146483274929098896,7931164791697652894,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6332 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2088

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x320 0x4e8
1⤵
PID:3352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
a4681f7b30e9baeeddea2d13a0027394

SHA1
4f268dae0c5609d39065655dd7a6eb40ac991d74

SHA256
5ebd2c19698228a45a03410e627e47269a83b1cc98217ccfb4fe94fbb9e3e3bf

SHA512
dc87558af90dc509e9029e96ef703368bbf6bb5df21d3aa7470589e0387f53791d06624c9abb8290f786fa3a46fac45755175fcdddae11413e3ee41ffb697590

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
f422d9afc869199218ca59f298300c59

SHA1
de2ac94792f37a93e29a65c8d543b50e43e178b4

SHA256
1e76e276ac1384ad481bb606db269412230720197bbfaf37161b942cba5cf82d

SHA512
3cafcb6e51cb7aff38772b3759db461e599955ac6a92b623ba56a6dad12769fbe2a34fb2a08bb5c81f8ac077fbe0ba502b2a35b3a741660600fa53569303b87b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
3867f8936b1647bfa40f2cb861037f89

SHA1
6df1babb8a399a34c701173072657ef39475d9e3

SHA256
2b90b291d6a5f93138f5d2b08a07f97bbd731befa56049116543197af637d1e8

SHA512
f1e47d9f45502e276c76000c2452c677d9ae8f41d8d03b1bdfb5e06b0a0effc7cd6e7a85304370b3804dc0d46c0074fd7d3ce72975441c43d8dc838b80513130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2ec315589568767dd2ff9c3ad7ff216f

SHA1
f070a02f3efc1a17cb13a581d435926a45ed5072

SHA256
080b8e2cf9f0f91d47057fea688b2d69e2dc6843144288f47cdb486f7efcc108

SHA512
cbb34f26acfe264454e2ba42bb0f5753798131e8edf281e462282e64c16936b2b118181240bf888c3f476ee0129a6d7ed9dea96723622e70ffd6fe25408b3125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
fc86fd93efe2db1c1154d0485db6ce46

SHA1
e727773f43bbd70146c700fb6c838da24a79c592

SHA256
ecd136b8e497f714ce0967c5292bd56509b3e8b7af8831be1e8dfc5845d34c46

SHA512
c97b9e4eebe9482dbcc5898a4c37a852f871ef347b237982cbb32fe3f30bde17324c50826a8a1fca1d516a34edd92de80af3661b956fe2f298588de536470985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3b33da91d05e978ac992d3576ff0a62b

SHA1
0d08150bb2743791c825394e58285108389afa4b

SHA256
a5ccf57461a27d178af6af9ed2db4ec5d8ee4d9a906097fd1202ab0c14520c75

SHA512
6d1fa77fa6aa2d59aa84d7ea04206910aad168c68ca4729b6abfc529298fc2c3a8e08423cd6ecc8dd2068e847eb9817e18f1d0c14a3c3ede1588849e6044f311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8dd738e04b480c3e44de2f1204dd32a7

SHA1
4c2e772b1f1b504121dc47449022a566544b5db6

SHA256
64c7c718344f06faf55096068dd2bb4bff543d5372b52a9fac97100ff199f1e9

SHA512
f656a4422fd0fa1c9de797019e9835be3886686982f67ab94eddf30c14043e1da951af943052e83f92fdd0336eaeb27d84c43a5ea83737101e54e8bfb1b1b84f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
613e1bb01030d88df97f1938c0035bdb

SHA1
f42cd01888b8ff7bda4f88c80f0c4c0ea5a54c01

SHA256
55f41cb8ec74ccf2618401c06ef53084f012bf390f2e44eb3026be9401148837

SHA512
25384400ff396301ba45299aae6dd953d48ca40163bdab42c37e8d0e359584d0863a6d48548cd3f4a052a40f70cde4f8349f4ecf33e11b9dd83ce78b1eb958cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7d40c06daf287f178c6e864f7233ee90

SHA1
48c5c6358b2591f1f4c8d688e73332995bd14a19

SHA256
f94d470622cc4a56c48ed9faaa5cc338a71f6b3e7b87e12041c9f8d1a26a99d1

SHA512
01c0b43d956c48eaf717b29f629d8c0043076ad280a4d6c121b8e625af4dc51bc81f504b545ccb5fdf0b63c97ccbeb73d6b18b713b12a6430d4717af58794ae4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580cfb.TMP

Filesize
2KB

MD5
66e75acbbc2262c612dc54eb0e8e728f

SHA1
ad95de54b4064822b31cf14bfb258c7ceddee7ab

SHA256
36811221dbf5b6b09788cea40eadda1949a2fb060f0683793866a539ad80d216

SHA512
0384d3136807505330da00150777d9d1eb3676650b422ff8f00a81a9e6def5e7c4e9b94c5dada68f2c4930a1f552eb828f272da41e281cbd417b9cc5efa1f773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6e4a7edcc629bf1c53d1f301f5efbd59

SHA1
f7b99f6fdf20e7e33037659d5f865fca6d018e56

SHA256
41027b564ecf6285c38b22221817e7c4d3cc8a54b2d7cbcbd38c0604b11ac500

SHA512
66bd3baed270a68706c193a7a1a576b5e5dfffed4ede3bce42ff5a7442f7503a35499fed94f953655e7ecf247932531396bde4008bd9efc356d200f05225026c

Download Submit