01897fc59e65025f681b8cd09d480a70c39c020660f5c857e970902765f8685e

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0fb2cb7f3e663857ad1ada9ec285faa_JaffaCakes118.html
Size

229KB
MD5

a0fb2cb7f3e663857ad1ada9ec285faa
SHA1

6f129442627c8781446a84847199d400f25ba4c5
SHA256

01897fc59e65025f681b8cd09d480a70c39c020660f5c857e970902765f8685e
SHA512

a2baeb1058324b64f571fc113fd453408571c030ec8fe3ef57f8dd9445d28ba0a740617b93815ad6ae558a8edbf99c6c49a61720851973383f7c152c57ad0540
SSDEEP

3072:cGqRt0ukm0rgopfTjlI71rueACC8qpSKN9U4WpSKN9jbpLgb5Y3VkKMtQ7:vqRt0ukm0r5Q+SuqSupoU

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3040	msedge.exe
3040	msedge.exe
5000	msedge.exe
5000	msedge.exe
3116	identity_helper.exe
3116	identity_helper.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 1776	5000	msedge.exe	79
PID 5000 wrote to memory of 1776	5000	msedge.exe	79
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 2976	5000	msedge.exe	80
PID 5000 wrote to memory of 3040	5000	msedge.exe	81
PID 5000 wrote to memory of 3040	5000	msedge.exe	81
PID 5000 wrote to memory of 620	5000	msedge.exe	82
PID 5000 wrote to memory of 620	5000	msedge.exe	82
PID 5000 wrote to memory of 620	5000	msedge.exe	82
PID 5000 wrote to memory of 620	5000	msedge.exe	82
PID 5000 wrote to memory of 620	5000	msedge.exe	82
PID 5000 wrote to memory of 620	5000	msedge.exe	82
PID 5000 wrote to memory of 620	5000	msedge.exe	82
PID 5000 wrote to memory of 620	5000	msedge.exe	82
PID 5000 wrote to memory of 620	5000	msedge.exe	82
PID 5000 wrote to memory of 620	5000	msedge.exe	82
PID 5000 wrote to memory of 620	5000	msedge.exe	82
PID 5000 wrote to memory of 620	5000	msedge.exe	82
PID 5000 wrote to memory of 620	5000	msedge.exe	82
PID 5000 wrote to memory of 620	5000	msedge.exe	82
PID 5000 wrote to memory of 620	5000	msedge.exe	82
PID 5000 wrote to memory of 620	5000	msedge.exe	82
PID 5000 wrote to memory of 620	5000	msedge.exe	82
PID 5000 wrote to memory of 620	5000	msedge.exe	82
PID 5000 wrote to memory of 620	5000	msedge.exe	82
PID 5000 wrote to memory of 620	5000	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a0fb2cb7f3e663857ad1ada9ec285faa_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffef5e46f8,0x7fffef5e4708,0x7fffef5e4718
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,1376297906087960591,1739503944717747113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,1376297906087960591,1739503944717747113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,1376297906087960591,1739503944717747113,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1376297906087960591,1739503944717747113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1376297906087960591,1739503944717747113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1376297906087960591,1739503944717747113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1376297906087960591,1739503944717747113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1376297906087960591,1739503944717747113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1376297906087960591,1739503944717747113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1376297906087960591,1739503944717747113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,1376297906087960591,1739503944717747113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,1376297906087960591,1739503944717747113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1376297906087960591,1739503944717747113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1376297906087960591,1739503944717747113,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1376297906087960591,1739503944717747113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1376297906087960591,1739503944717747113,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,1376297906087960591,1739503944717747113,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
53e084c79751de60db32a74e7da6243f

SHA1
ecc98dca96263d9e9a5b614a74e6688dd57660ab

SHA256
a07422e85d4a5da8454d7dc56d1890d174122cdce7a8ec54c742452318687a32

SHA512
4c2b14194e87e7fd360567e668d629af3acccc5409c1fa18e94bd09db40ab71e0ca4be906e1ec17eac04c51a50022b253b202eea6130820b1fdbfd9760902865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2cecceb7a75ef51fc8d48c1c3e1fc90a

SHA1
631506496c06fc5e6064592454372c1e0ab8c631

SHA256
33f55329213af0f45c0798b808231f87857a7f95f67fae2a635f5280a76e38a0

SHA512
4538023defeabb6bbba2861439815eda185a5fd2877a04ab9868b05930ca981b2228835e4a35e0d4c40c77b798efc247da7992e171def399a4b5a0b66402381c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
acee76768925c1f07777f1edec4d78c0

SHA1
db782c710f18dce14860b212dd179f33c0111ad5

SHA256
4ab6ed85762724e377467d27b294dd9334fe8a45794f57832763f9dd2d4fd71a

SHA512
91c1d36fb4189e2ca240f7cd8f0349f467a6d7187fcb938495c1fcf12ff2e5ee673a3bb354117d3e49901a641ded61f178878d091fba135d4dacf1872b874ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b1098acbc4a07988d7034102bee45216

SHA1
00d93c7df82c5bf739478cd74447410ee3bdb89a

SHA256
43b16f60453d1175291ac9d599ffd481e1db413ab86290add6a7c1a3062b40ce

SHA512
a05b511af85cd6fce9de8fd7eedea6967eb17f7a2def5b4e1086c7a03ad3edafd38e12f9813fb36f5b366d55e4c903fa0e04d392b9ec26791282a851c133d677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ddc1883fbf90ddd3282c982096725a5

SHA1
6fed9a029be93f24b0d6400f14f3e1dee79efbd3

SHA256
50cf63d88bd172b7a57d06d58e9b6d6aa43bb33cff71333a29785c6832063c6f

SHA512
246a344f9a80b2b781df4c38acd58fdac16bd0b24d1dae6c9eb6601a1836db9b833c14309576b48efeb166141ea9983379805e4afa8741f57392396ffb3a522d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f168c8f7170fc5e2f0787caf2bf0ad8d

SHA1
ddf1f8ff11ee7d116bea3e922415a0960982fc65

SHA256
b1a2345580bb44c4a02c34ca5fb9f0c655887543013c33c96a0d6b605d1fe843

SHA512
e630dd59563fe8986782a67d7eaf95b41408632909d8547533bca0a4034f254c755fa82de885ef3cb88c28659133bf2203399a138fccac99c2db0c85c305ed9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
47beb2552c957d2d544030dd4e638c37

SHA1
802740e082f7f2c5e20329649e20c51f247f97f7

SHA256
8c21ec99c5b53932f31e882f9da9e127d5abb97d506ea0f0248a9404f81549a7

SHA512
03dcc2756d5dc11e9916f6c4bb05dd41905bb55e4b804cf165616b7f37b5aea6fc58b9cc2eecb99e65e86f5d28b236451cb8d139f9955810b50855101d5c953d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
02b64314e562b614b913f294cdf7598c

SHA1
04040f2295b2123f81df9a024a03095c6d5cc72c

SHA256
c30eb46a0dcea148380e3c215f96c2c932732df087d5468807a387d44b65ef40

SHA512
106e4bce771e2a32964eb5b01bf60e20fdf79eddafc7de854ede9ec760c78f9df4c3860981ff93a269bfb33ec03b20d746b36f557a408079403cc2c0c8c3980b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581037.TMP

Filesize
201B

MD5
c4d1cc7ac5b14ceb834a1374ffb74eef

SHA1
48c7bc68d91f2135828b3355db3d2c3c253a2bcd

SHA256
588de054f827550cecbae13ab46a8ae5fce3161bef4c5249ada3cf4543653cc8

SHA512
37da2a9c76da8feeae058abd058241f4cd7e48e972297f7c59a89e13d82756938be038317c08bb2c273970b9c6a28c6b5b06fe5be600c1ba2de3be458348d888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5106cdf2df00b648b571f1aa76110e8e

SHA1
9a044f97f53070848e8c10b460d1766fa74e7163

SHA256
409821f0a059bf70a8c0873ac437f625e975f7e8c03d6d2025fdd49f11765a55

SHA512
1834af5d669572491525ed805c1703d452e8fb17c73bb43e971e8a0c9adc7d383aa8933e94c6f95f0f5253fbfe4b282faa37d09099ae3bc1c99c476147e643f5

Download Submit