6ceb49c2628760ededff241e79f81718cd038471bf060f0f834b69d1e181b3cf

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 21:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

886909e2bd2db98691a6e708c788b089_JaffaCakes118.html
Size

71KB
MD5

886909e2bd2db98691a6e708c788b089
SHA1

b7397f54c11b1ba078a90fe9926a6f46902ab4c5
SHA256

6ceb49c2628760ededff241e79f81718cd038471bf060f0f834b69d1e181b3cf
SHA512

8698868fe3376c6570e23f9529ca1735f1c9756107c028a3dbf27a1897f6615b6eb9097e73c1e932bde981567b25b2eefe4d96a317480e0dc9e80715f0ec5a97
SSDEEP

768:URODTIWV0oBJP6p35zXOxHPod7hCfOXMG9tBE29nM01K:SFWV0UJSN5LOxvod7hz9tBtdE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
8	msedge.exe
8	msedge.exe
2928	msedge.exe
2928	msedge.exe
3960	identity_helper.exe
3960	identity_helper.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 2216	2928	msedge.exe	82
PID 2928 wrote to memory of 2216	2928	msedge.exe	82
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 2772	2928	msedge.exe	83
PID 2928 wrote to memory of 8	2928	msedge.exe	84
PID 2928 wrote to memory of 8	2928	msedge.exe	84
PID 2928 wrote to memory of 3016	2928	msedge.exe	85
PID 2928 wrote to memory of 3016	2928	msedge.exe	85
PID 2928 wrote to memory of 3016	2928	msedge.exe	85
PID 2928 wrote to memory of 3016	2928	msedge.exe	85
PID 2928 wrote to memory of 3016	2928	msedge.exe	85
PID 2928 wrote to memory of 3016	2928	msedge.exe	85
PID 2928 wrote to memory of 3016	2928	msedge.exe	85
PID 2928 wrote to memory of 3016	2928	msedge.exe	85
PID 2928 wrote to memory of 3016	2928	msedge.exe	85
PID 2928 wrote to memory of 3016	2928	msedge.exe	85
PID 2928 wrote to memory of 3016	2928	msedge.exe	85
PID 2928 wrote to memory of 3016	2928	msedge.exe	85
PID 2928 wrote to memory of 3016	2928	msedge.exe	85
PID 2928 wrote to memory of 3016	2928	msedge.exe	85
PID 2928 wrote to memory of 3016	2928	msedge.exe	85
PID 2928 wrote to memory of 3016	2928	msedge.exe	85
PID 2928 wrote to memory of 3016	2928	msedge.exe	85
PID 2928 wrote to memory of 3016	2928	msedge.exe	85
PID 2928 wrote to memory of 3016	2928	msedge.exe	85
PID 2928 wrote to memory of 3016	2928	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\886909e2bd2db98691a6e708c788b089_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa31f646f8,0x7ffa31f64708,0x7ffa31f64718
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,6959103973991934894,383742114519143455,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,6959103973991934894,383742114519143455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,6959103973991934894,383742114519143455,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6959103973991934894,383742114519143455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6959103973991934894,383742114519143455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6959103973991934894,383742114519143455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6959103973991934894,383742114519143455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1904 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,6959103973991934894,383742114519143455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,6959103973991934894,383742114519143455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6959103973991934894,383742114519143455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6959103973991934894,383742114519143455,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6959103973991934894,383742114519143455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6959103973991934894,383742114519143455,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,6959103973991934894,383742114519143455,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a05a98c5f625b8e38e77a902e2e9a9f1

SHA1
c1888d3837b8378136647d386cfd32fd009c31d1

SHA256
fece518b9525194460c7122cae54e351f3d7b09aa4529414f5ec24860795ddee

SHA512
873f71fd7ece71ead8724d5412c24474d25957d969deddcd4003a37e2ec2744e89167a7daad1c624a7262a95f35a617bb3e906886c1558efe5fbfbff7983b230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
0ca7ac7e623da5fdffce7b42937ae018

SHA1
44d9e2c232c36be55e09a1cfc86db1279a3322d5

SHA256
d4cfc1c7a4004e9ab7e1e0f44fa371b6a09a87ec505cd6c288e920d9eb3e8803

SHA512
328f857fda1e2a4692c9de710d2e27173e45ad1a51ce3ee8fea7086e6eb2065fec960337c761bf65d37005eb876d626d94b37ba8a79dc780976082d5b2c75f2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
6d2ad90077b0005203261cd29c339108

SHA1
50ef3002292eca8349ce0bd75146a08b5908f8fb

SHA256
e845725ca5055d73f82c9bba8b4da6d2a350515f4dfa4a159cf3dcc71cf43a4a

SHA512
ae6d150a97946e6af286fb565381d73a46c97e093fc487c6b92a675513ea2f616d4d02ef26dd8a7bb0d6adb51aea0a0362a8cc08f40b84df8ae1e5151df42fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0ae9ddd6558b1376a1fa772a9a897072

SHA1
598e36255b8617f0de9363f63e95565429f09b31

SHA256
ac5dd7a3f3d653f3fbaa4fad257fd0f6150285fe90049b7d64114cc02ffff568

SHA512
e3739169855cd037f06c489e85f5c9db8daf1f01d579d33f67e16fc1cbc8992ec6fd2c0600bae787109672b9cfddec30f0d31eb3f3e0b36819a0da990f29b6f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b56dc5cd69bc8267c8ccc3d54416aad3

SHA1
b86a5c9c30877df7376c99da5ad9aa417a16ba98

SHA256
f3f281349de81ae826a91927d5bda0d7879a26701080ea01113f06c7cde36a03

SHA512
6706008cb1cca4034e3e38fbe15ac03e60fc4fb9f2a8256beec9e23c5bde8513818c40c040703dcecde8120a3de98df57993671ac4588021f65f5450c7f8a777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9abd49c97cf696ab1b572a593ddf182e

SHA1
7f63f7a7b281fa18f87e81d987c10321ebd3b0e8

SHA256
0dd75baa60699960083cdcdf78025e2e7c605d0f0a48780eb26ee98e5e665fb7

SHA512
000fae22f885b26e53ac4036278c1c233e3ffbe214a1f03a34e7d346e91e80252a111828cfd904dd50d1fb56637cdb43b512147b2f334095acba571926758d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e39cab01051fdbad5856281614fa1eed

SHA1
3d0118d6a345af86557295bd7952af762545a5c7

SHA256
edcac7a6a0affee67d85c79f0fb0f036f7fdf333916494c3b3197c2d9d8f821f

SHA512
96ee874e69d1a59a42e1072f8ee06f1d3c55d47ebedb6bd3976cb83efcd0c717ac8f7562c9086c75f3beafa867ae9e92b5cfc19a08044c2605b4313354cb69d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0c8ee791b6a13c552d29a2d7ba4ef1af

SHA1
758f7d1a67f339c8f8247424f97ba347799b247d

SHA256
51b41cdd284ebd8d7e996f4f92010072daf8c2501273d8f59e6e9c867a5060db

SHA512
d12d88d78471345a509eb104bfbf2e472905569bc41c2aa09dc5a6d7950c01841c04402873b7eeadf61daa8527da20e17436333be6262022d4c8b66e700c9fc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
37d4032fb1113b0a022bef1067b9fd7d

SHA1
292bb002417effa2c6d30aff76c082f8c4a29e3a

SHA256
c97b193c87dd4cd01c6d0bd1d002cfa372d4889a636dff638dfe8b26a7e6559c

SHA512
3484b575bb6e7be01a8f0d2361b1c9ed0356803328716b9e28d26349e8a38a7c587d8bf5abd89218ff9e8b862c10e2cb2001e000ec8ebdb40cf1692a6433e8cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
21f0e3b9a1c17aa53bd5e162156df8b2

SHA1
37946a1d8e751da600cbc3106d1bb97d070fdebe

SHA256
e06c4bfa926e616d5a686ddb6fd79c838d90d7c197933d90259e19e8384660c3

SHA512
3fdde2233d8c88ae717b9104b66e564a9a040c461a8f4d31aef3e0ec0781039e4478db4a4e0cd468d7ee7242713f60e74a8b06be7dc3eea6de4974a28e571979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
c2dd18f36f000172893577f228967756

SHA1
f61b533541eb7a6b1a322409c8b96fc4fc07fdbd

SHA256
b68e740698ee612ea193effeaab7102e65160cc0ac5c5fa9db75206c2782f68b

SHA512
e2f9b683ece71b68511c45528004b30e70a9347a976dcbe37c7742eb012a30860578dbe40e2bb152b369a5ee5c91fae87c0b4bfcebe716224ae6acd30a7be6a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581373.TMP

Filesize
203B

MD5
73f1d620a7af22dc5bf15b6a8fec5f88

SHA1
3cd9ebc0f5c7f769f40c2b03a1cc6ed53427adf1

SHA256
fa293a7291c2bfba66e1bde07b34b6b5e5125dc75e2c580b11807ad4915ecd33

SHA512
b485a825c2faa510df571d5c9f0e58098cdacb9bd23bec69f4c2f56a30729a37dc146769090ba55cdecf68409c20d36bb4d9183cb3de89e1ed807a4d1f0a7feb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8a1a83d808596909c78318d19c8201eb

SHA1
db4b177534f039a1eb21f4cd363443465075e406

SHA256
c420a942bb81c787efb6563e57e53e35ae7b2695cbea348f3d4fed14c3b11b55

SHA512
46005ad0a7643d1b6424cd15bd595fb4771c59e8b0fe2a5501c2fa5ee0937307a534707e6e344cc55dee2a2c2c2129e4eb32f18d6fb1e4b830a07ad4e059cfe9

Download Submit