91f73c77c6f289a6afc29280eb911505a5dbcb7a7949a50d34af9605f56b0c55

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 13:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9852d4d6dc715671bd8ba9341c9f6746_JaffaCakes118.html
Size

227KB
MD5

9852d4d6dc715671bd8ba9341c9f6746
SHA1

598603b0b047e83f4fc56f437a60f58fea1c8e74
SHA256

91f73c77c6f289a6afc29280eb911505a5dbcb7a7949a50d34af9605f56b0c55
SHA512

83594bee02d96e58d8cddd2032de1c3b88efb3fb773e7acef8bc46149b41c01a96105de08bd24bb2be1a3cdb017b817a48e1336da13965652310cbc8b877960a
SSDEEP

6144:Tt8T3zkinSkMxdbTK4cLma5oC87nwYCFQ05h8YOvErI95hEsPjtISnx:Ty3zkinSkMxdbTK4cLmaiC87nwYg95y7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
3460	msedge.exe
3460	msedge.exe
1540	identity_helper.exe
1540	identity_helper.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3460 wrote to memory of 2496	3460	msedge.exe	82
PID 3460 wrote to memory of 2496	3460	msedge.exe	82
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 2828	3460	msedge.exe	83
PID 3460 wrote to memory of 5036	3460	msedge.exe	84
PID 3460 wrote to memory of 5036	3460	msedge.exe	84
PID 3460 wrote to memory of 5108	3460	msedge.exe	85
PID 3460 wrote to memory of 5108	3460	msedge.exe	85
PID 3460 wrote to memory of 5108	3460	msedge.exe	85
PID 3460 wrote to memory of 5108	3460	msedge.exe	85
PID 3460 wrote to memory of 5108	3460	msedge.exe	85
PID 3460 wrote to memory of 5108	3460	msedge.exe	85
PID 3460 wrote to memory of 5108	3460	msedge.exe	85
PID 3460 wrote to memory of 5108	3460	msedge.exe	85
PID 3460 wrote to memory of 5108	3460	msedge.exe	85
PID 3460 wrote to memory of 5108	3460	msedge.exe	85
PID 3460 wrote to memory of 5108	3460	msedge.exe	85
PID 3460 wrote to memory of 5108	3460	msedge.exe	85
PID 3460 wrote to memory of 5108	3460	msedge.exe	85
PID 3460 wrote to memory of 5108	3460	msedge.exe	85
PID 3460 wrote to memory of 5108	3460	msedge.exe	85
PID 3460 wrote to memory of 5108	3460	msedge.exe	85
PID 3460 wrote to memory of 5108	3460	msedge.exe	85
PID 3460 wrote to memory of 5108	3460	msedge.exe	85
PID 3460 wrote to memory of 5108	3460	msedge.exe	85
PID 3460 wrote to memory of 5108	3460	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9852d4d6dc715671bd8ba9341c9f6746_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff9849246f8,0x7ff984924708,0x7ff984924718
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,12815995615877884046,15736438396215902007,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,12815995615877884046,15736438396215902007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,12815995615877884046,15736438396215902007,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,12815995615877884046,15736438396215902007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,12815995615877884046,15736438396215902007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,12815995615877884046,15736438396215902007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,12815995615877884046,15736438396215902007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,12815995615877884046,15736438396215902007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,12815995615877884046,15736438396215902007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,12815995615877884046,15736438396215902007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,12815995615877884046,15736438396215902007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,12815995615877884046,15736438396215902007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,12815995615877884046,15736438396215902007,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
a8e7d5e1439e9d42c64a8b53e8e441ba

SHA1
5bec81eeca6457c1be9347cff949ec5c25dc278c

SHA256
39814e23002ca98f28f2a516f8b10ddf5aca9118b7e661965f2a050e02639194

SHA512
66f2369943ac60fc7e2bf9ce12e39c08055a66c40b911179a665191436e5d0c8d09568e99491c7c44e7a086038f99debdb8dfa69401d1f64d5204b9cf91c7ebd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
3211d6fc5e839cdb861d57d2f8889f7d

SHA1
b9e91daeb6742b8c752cc07223d0b10ba376f80f

SHA256
b35bf40a701e13735a029111c9473080bdd1790de451304f57ac955725e3cfd4

SHA512
2dc51c35dedbcfc2f5e815be21455d412bd023c4086fab97312ae6f2b4ed87193b9cab4f5fdccbbb13a56cf496e9f3bdce874d2a377d96f01773551619c8b78f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dc51829db2648832c1834401744ab68d

SHA1
1b9efb788e4a8c9dd388a659b8343581927d8953

SHA256
9d43484297cb50343250ed373c91080402082d30059e6fc626922055cd176fc4

SHA512
6c259fd556512dfedca53664e3eeade039b210473b3231eb797d579c647d674e28b1263bf51e7e7e3f0c158acf9cf8fb576b8f3a73b14d4071c27ad93b019764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8d320d7d88d7bc54912779b554064816

SHA1
2d2dae52ce9691c809e49c5505ed6b7f6c9ec146

SHA256
b58037d25d1444d38f4e4b3318829d71284e41492b5fab761d81ee17f2ea550a

SHA512
8527433e2fe8c2db69ac9bc426571b6a4ce48ba39f8b767c06416fafeb0766a07ddf7836d793594250dc988f6b6507f4ebe89ee86085539236022c0195090e08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6a66711bf99ba2b3814055e599c804d7

SHA1
ea5d238d0eaedcdfa46ccc314ff0c5b30b68d225

SHA256
07fac653bae7a56b96d89be38a8dc293c552d9d8b71ef7547634f08877b1dead

SHA512
7cf0ebdc887e222e07031e6bd91c3e72e1d7c8d0a8b2843f09d3c7929f71bf9be8930e03d3dac029cb35509caac2cc367ffec2d4c2917dd0f444097dc55e249c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
92c4f09bf88034a6c3e189c934cfb8af

SHA1
d3acccd7b2d348b200f33f1609595f288b4c2a7c

SHA256
9d0a5b9c4273380b6e58bc0f9db9e9fb523164d11246cd3e0cfac7662c717848

SHA512
0cadefcdb7794f804596b5a21b212b937802929c6cc93dc944d29360645aa4bdc666789359f17db6d24208e90155832e81c247ec98f49e65d2fe2374df5b0f36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3112fe799621e95ad8e972e3504a9037

SHA1
e6e1cd16e1a3c1bf1cb96de1b54aa7be79b38d1a

SHA256
2d2b3639854948c069390c95f989cdbde0e32c74404ede9bebcfb3704533b8b3

SHA512
33b86df7c921e3447dfc21935dcffd0d69f8d426cbe5b21efd93204366a06b906124ce115000c428b3ce58913e2d30781af6ea665d077f7fd3494c9ae881f879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fe555170682d981b601825462e9623b1

SHA1
7ae2c34a79bf6a142f69d47800e19c5ed0ee2d33

SHA256
4e65d3030a4185edcc0af528bc5d2812a61fab9bbb39aec38890378ce2de50a8

SHA512
b76e09763210afe3b64bce44c854575abf26894d9181285d2354e6c28d51fba2c59a2f7065c4c7afec1de93cecc50c9d41e7ff533defded0b33a3d55d6d38877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5f0a79f7b6d02c3846ad6317cbbb0980

SHA1
5356e61e0a58120264caa8ad3cf57414be9b547f

SHA256
9d6be7cdf8ceee9a104bf3f299bedb270dad56c299ad4684edfcbd3228fed094

SHA512
d3181a2bd780af828e265aaaf791cc629ccd31c528ea60748131940b99e4d2207c157157302d806947a90d9b71ef536282479d0d941c9f8a08ae82d711fe22ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
85721aa77d5ae9717a8fea2ff3f362b2

SHA1
f14700316e02e316c146b9e842d520c68901e451

SHA256
7a9f03c31f12c052af1f9054254c25ed9037ba46cbf1a39c1186c228325575f3

SHA512
0fe09d295c213e932debc08c83aecba19620b0f080780301c72f8bcbf07a46c2f169ab3c665c7282882eda96424a04f73611c205e12de744c96d83e4ecfe52dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c091.TMP

Filesize
201B

MD5
0abb6ec5f916d73c1e2ee4bec665ec20

SHA1
f242c98a15cd063b94f16feb67be3977a2316f47

SHA256
68b54679b55cc04fdd3d84dbbc6869755630024a968db990e3b688b443c1d984

SHA512
2757fcb7b2fbcc080fb014f2e3687f00025c0058f4ea2ae25c064a5b9723c95ad66b9525a8c1b3d417a736dde0b785cff331e939a13dabf94000efd442788eeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4e3ddc0316c7663d0b809dcaffa8b97a

SHA1
59cd948e08c24c3ff439f06e67d72fa37011acea

SHA256
481e82d900752c2260b4771e9aef695db87741c5bf58c3ec464f4f2beb5be875

SHA512
8c67e002745ac1d6da342629425d5e28eb7647351a57bd751a6c941e1f7b9a04fd3ce29e74b57ab69ec148644347f3596407ec856ce82189a428890b8cc826bc

Download Submit