1031a4df874d9f4df0fc919c97273c531e9dbc1e2afa3be852572e89386d8939

Analysis

max time kernel
148s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 00:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96b5adcd6bbbe72ace4fd3bd31c367a2_JaffaCakes118.html
Size

107KB
MD5

96b5adcd6bbbe72ace4fd3bd31c367a2
SHA1

5d94c21cbd2ac0fcf01d7a9e89bfee26da40ba41
SHA256

1031a4df874d9f4df0fc919c97273c531e9dbc1e2afa3be852572e89386d8939
SHA512

fe868b2354d7826aa61f43e24fb4419d48e5a6ffbbac60cf037dc31af21ef15e7486687119f2cd5dc853633ffd9c05e0e7046a78a9876a22cc66b1260e51e0b4
SSDEEP

768:B+T9x05uQEJUVWt4LtXFFyTqC5MyEElOFsR/MN5DkS0P7D4UlLRavn3jNBonLQCF:cTM5uQEJjQEPPlOFg/pdKmcFaq3530

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4460	msedge.exe
4460	msedge.exe
1564	msedge.exe
1564	msedge.exe
3660	identity_helper.exe
3660	identity_helper.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 4160	1564	msedge.exe	83
PID 1564 wrote to memory of 4160	1564	msedge.exe	83
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 2040	1564	msedge.exe	84
PID 1564 wrote to memory of 4460	1564	msedge.exe	85
PID 1564 wrote to memory of 4460	1564	msedge.exe	85
PID 1564 wrote to memory of 4416	1564	msedge.exe	86
PID 1564 wrote to memory of 4416	1564	msedge.exe	86
PID 1564 wrote to memory of 4416	1564	msedge.exe	86
PID 1564 wrote to memory of 4416	1564	msedge.exe	86
PID 1564 wrote to memory of 4416	1564	msedge.exe	86
PID 1564 wrote to memory of 4416	1564	msedge.exe	86
PID 1564 wrote to memory of 4416	1564	msedge.exe	86
PID 1564 wrote to memory of 4416	1564	msedge.exe	86
PID 1564 wrote to memory of 4416	1564	msedge.exe	86
PID 1564 wrote to memory of 4416	1564	msedge.exe	86
PID 1564 wrote to memory of 4416	1564	msedge.exe	86
PID 1564 wrote to memory of 4416	1564	msedge.exe	86
PID 1564 wrote to memory of 4416	1564	msedge.exe	86
PID 1564 wrote to memory of 4416	1564	msedge.exe	86
PID 1564 wrote to memory of 4416	1564	msedge.exe	86
PID 1564 wrote to memory of 4416	1564	msedge.exe	86
PID 1564 wrote to memory of 4416	1564	msedge.exe	86
PID 1564 wrote to memory of 4416	1564	msedge.exe	86
PID 1564 wrote to memory of 4416	1564	msedge.exe	86
PID 1564 wrote to memory of 4416	1564	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\96b5adcd6bbbe72ace4fd3bd31c367a2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb7ba46f8,0x7ffcb7ba4708,0x7ffcb7ba4718
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,11701958540042277492,6695699410840331897,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,11701958540042277492,6695699410840331897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,11701958540042277492,6695699410840331897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11701958540042277492,6695699410840331897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11701958540042277492,6695699410840331897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11701958540042277492,6695699410840331897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11701958540042277492,6695699410840331897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,11701958540042277492,6695699410840331897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,11701958540042277492,6695699410840331897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11701958540042277492,6695699410840331897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11701958540042277492,6695699410840331897,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11701958540042277492,6695699410840331897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11701958540042277492,6695699410840331897,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,11701958540042277492,6695699410840331897,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5668 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
956b732d4f725b1e864966e6514f9970

SHA1
4135f9224c1204cc03e6f414981dbba790da603f

SHA256
d5164b692ed6133da43141602e1dabf93447a9db3db744c3b720c6b73d1b3e6c

SHA512
3a08d19d41c18649dbf71fec689f8e97acee3d6827f564f19851e8393aa771b3e790eb4f302dfcc658ade3ccad325178eb252f1f8304b4c2293e6575fae159a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
83cbcd0d03a432ef7544ad53bed2d9f1

SHA1
af9076757d6269b5f0b0315116b5bff258d92a11

SHA256
908ffc4085c0124d9e5bdfd90e7dd5307dca68c040b48fb4b2cde4162523ba26

SHA512
c5821cc2bc8be43df1be7eff5e3e91f1a5a9cf30a69fdd7af7a0a8980c76dc3696f26d6ea2b9022f35909666518ea72134dd73b02d90da21e1460ce33d7a9174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
2139df8f492997306d4f7ea16c255ca1

SHA1
064dee9968c3867db07315996477861e04dfd89d

SHA256
5303b3c977e85bcf614375f554515b2b7652b0662cfeb5dea76f0ca38a1b99f9

SHA512
8af5eacd599fcabdc5ee94ae8e37980e5da79e4272b1bfe58c2201082949c8482a9ccdb048bfdc0b1f86251987024d72356c21b36dbdd917bc738d2ee88ce063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1f2341ac5904e4f6f8ac7290b6af61b1

SHA1
c838203de3767898d85e89922085bf16cfb8316a

SHA256
2b6a7297aee74a4fe01577f785026d89f278423af115f5a317dad8a63dbc175e

SHA512
5d5d0a6c02f18a02b3674ff1dee027fb5253583d7ed3997ff53f546b7dae8dfb76dd2a692b725b738d23e36cb1c79dccb2fd519198b02eb790b7525376116051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e35169c7d8d8b639396e6ee6de71e3e6

SHA1
13c8bf94ea61f459bf1fc4727deae8c58236d183

SHA256
aa64b79501b7fc6a19e596cbd0d80133b5ee2eecbe56db1599d5063915429a2f

SHA512
046ced0ea6b68788b88ac556e28c396a83836816a6da371ea713b183811e36a1d8905eb7859a66ae91372ed8cd08b99964d43593f90c24908f231edcd3cc6fd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c5c3329307ce140bf5efbd784d580d97

SHA1
f3548e931a859cb727d6523c43cbe2fa03f78a40

SHA256
fbd761826d9f848b10b8be4f0e8025ab8fdd5ee6116f827dff8ec72f4d38d5d9

SHA512
cdd9e90ddd2bd279d109be6717f20dabb05d0f775d2bb0ab95070e965be6fae62d14655341834190b44c4fde54d6eda44433b7269f092008ef958314feb45ef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
10d13a0bcdf29155e5255c3ae76ae001

SHA1
0eb2f3c49443cf0caf494623f6f2e71c60f209e7

SHA256
0e4a0cb116c53a9abb1b1e972fa6406d86e303aa2f34480021a72a7000a641c9

SHA512
e1d6fa1ec010157f02a61dbc97f1c4bd2ad4245a76c3ea052b20a2ff013eba02fd70dc09003588df2a23780207f9a38a5cb41cf035dd0a3471e061f9b58a9fbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3ef50fc1eb7dffc8fa880a46e8bac48f

SHA1
076d4f554389e840462f4958a3bcd96372933a69

SHA256
b6275563422200d62acafe2534cfcb7fac2599610ecc6f788bc249b0049802b4

SHA512
27d32c63e4193d63b17ded6b37301fe1a6c8487b77edcc8dd56d70e7163207db30874d2ac3fccaacd6e35fb4a254419fc3a621e4814a6471a5483c2a38040294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4f1d57871df852c43e60815fcf7812ea

SHA1
37b233a7ce1c9e7a19dc7375ce3353887fb31705

SHA256
948b85f295398cff0f11e8bc617aba57c96e93c25faccf1b9608cf8a03196993

SHA512
696682d28dec04441ce4d50a7b4c899fe111afac50be9e0913acd5a702623991c43a0daa782742b789c818348bc1df21592cb3bb3210ba8eca866d5325769982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0943da3f3354e460db9743b924cdfb58

SHA1
f3a985ff6e977a1ad83ffe3de5d4ce05f7407980

SHA256
aa9f9029a0d8d770768d88a1673d61c5023dc8e4c613b7c6d30785cd067b197e

SHA512
780da86a7a9cbb436779fb0a078af4ce0504ae799b469331e7b542a8f32f3ef9d637c61cfbae7e457d3046c15cb77bfb433ba1b243d04f7efb9cd7c5aeb3f8ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
52a122799d651e4d636866f594d45b3c

SHA1
7072a93d78fc0159a29c05094d1e59e1d0906da4

SHA256
de684c46b1680c059ceb93e9f258dbbd53f48a704ab6560fe465a5fbebd269e7

SHA512
290a7dbfd80fd55321bf4a51abf12dceef0b8938c627e3b1ed6a10370d11563824f91db7c6c664672d30f6e045970b56c31f376f2794c12e945ad40dc674f4a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5824d9.TMP

Filesize
203B

MD5
7a5213dffa42923b8ac5e42721c0056e

SHA1
c6a481d6aedfbfdff99cc43802db221cb9d8abb0

SHA256
46ef2fd111c69288398236b2d3f02632b30d6b0c30ae478f4764d24c070f6f43

SHA512
ae7831f4a62135e192888fd4056649aed10d9f0e92827702758de11b39ec06c72f1a93a944fc49a42f170472989ab8dcfca94945469d2c7dea01ac4d0cd4161b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
87daf2712e37b016cc2610d86fb5c3e8

SHA1
47c4ad7decf060362ebb02ba257d2323bdad8f67

SHA256
0ad84fac4cc59189c502b6f88dc643917038643aedfb40511af3c9c54be5e414

SHA512
731f1808c602d99e2b6366fcd98484c4673fd9c7b13daaa5a4ada0be663259c5c30cc85e71b7a38e6ed870f70e66d54af202e1b1e1924e4d924e7ea5195275ea

Download Submit