30b8de2eb7f9270c37285e2552b417fa47c3826e6cf3d5e072a4257fca2ee63f

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 13:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

863792d7a725cb752aede63a3f68fe96_JaffaCakes118.html
Size

187KB
MD5

863792d7a725cb752aede63a3f68fe96
SHA1

360484483b0191f319cabc7cc2130c98724904df
SHA256

30b8de2eb7f9270c37285e2552b417fa47c3826e6cf3d5e072a4257fca2ee63f
SHA512

98da3d081f48f637fd707955bb17969391edd75cc88869a5bea66802449c5ad217e2bcf0299d833babf844d175f1a719bae5eb3f727bad90924c4ea33bdfe8a1
SSDEEP

3072:P5idprA/9/JtgHtlpV5huW1xhswbbC22dYvO3T37P3Njkmj8MT/r0/3Nka4tq0yR:AdprA/9/JtgHtlSJjTDT/r0/3Nka4tqh

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3752	msedge.exe
3752	msedge.exe
3208	msedge.exe
3208	msedge.exe
1204	identity_helper.exe
1204	identity_helper.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3208 wrote to memory of 4304	3208	msedge.exe	84
PID 3208 wrote to memory of 4304	3208	msedge.exe	84
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 4412	3208	msedge.exe	85
PID 3208 wrote to memory of 3752	3208	msedge.exe	86
PID 3208 wrote to memory of 3752	3208	msedge.exe	86
PID 3208 wrote to memory of 2980	3208	msedge.exe	87
PID 3208 wrote to memory of 2980	3208	msedge.exe	87
PID 3208 wrote to memory of 2980	3208	msedge.exe	87
PID 3208 wrote to memory of 2980	3208	msedge.exe	87
PID 3208 wrote to memory of 2980	3208	msedge.exe	87
PID 3208 wrote to memory of 2980	3208	msedge.exe	87
PID 3208 wrote to memory of 2980	3208	msedge.exe	87
PID 3208 wrote to memory of 2980	3208	msedge.exe	87
PID 3208 wrote to memory of 2980	3208	msedge.exe	87
PID 3208 wrote to memory of 2980	3208	msedge.exe	87
PID 3208 wrote to memory of 2980	3208	msedge.exe	87
PID 3208 wrote to memory of 2980	3208	msedge.exe	87
PID 3208 wrote to memory of 2980	3208	msedge.exe	87
PID 3208 wrote to memory of 2980	3208	msedge.exe	87
PID 3208 wrote to memory of 2980	3208	msedge.exe	87
PID 3208 wrote to memory of 2980	3208	msedge.exe	87
PID 3208 wrote to memory of 2980	3208	msedge.exe	87
PID 3208 wrote to memory of 2980	3208	msedge.exe	87
PID 3208 wrote to memory of 2980	3208	msedge.exe	87
PID 3208 wrote to memory of 2980	3208	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\863792d7a725cb752aede63a3f68fe96_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa527746f8,0x7ffa52774708,0x7ffa52774718
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4008667424133980514,3453428623292736965,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,4008667424133980514,3453428623292736965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,4008667424133980514,3453428623292736965,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4008667424133980514,3453428623292736965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4008667424133980514,3453428623292736965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4008667424133980514,3453428623292736965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4008667424133980514,3453428623292736965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4008667424133980514,3453428623292736965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2704 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4008667424133980514,3453428623292736965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,4008667424133980514,3453428623292736965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6396 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,4008667424133980514,3453428623292736965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4008667424133980514,3453428623292736965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4008667424133980514,3453428623292736965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4008667424133980514,3453428623292736965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4008667424133980514,3453428623292736965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4008667424133980514,3453428623292736965,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
96142ba45f7203a8c4d877b2d70588b6

SHA1
e1d1ac761b3c41ba0a3409d7bec68ca22ae1fac7

SHA256
dac3fb834fb077720a5a79f49add75e37c15bd07ac063b5516061ffc611c334b

SHA512
fe09d408370c5ddfa3264f870118fd2edb2e4184871a8029bb62a438be6da78a8e1f72d176149ce6a4963e9981136dc878aedb1e0c660833482a9850680a4beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b367ffa3cd6896506992c5bb8b91addf

SHA1
93c9bded12fd3a814e4a87d1ab6b102818a9996e

SHA256
a2e0b202caf41d3a5fbde3824043e423cc9ce0ec9653a9d1a2d23b04c1467b96

SHA512
44e2745fad967ce9b7a2be00b75d6617d441ebe2763d81a8c038d57906b1c94d6d57c930141331c39e032a284b59014646dd9054be213fd973e75a2269466a8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0795b177-2582-4f87-bc33-7e3d16276987.tmp

Filesize
5KB

MD5
2c104409577558f075d183db7408ac6f

SHA1
295eb4d300cf7d327c7f78339d280850d6e311d8

SHA256
44bf9bff10e54eaf561a0a57403c5435edde18a0be01cfe3ddc58e312398290e

SHA512
f61fe3c56f61c4ac6a89a8174305d7acf4c99350f9a6bc0a30098238509201e4727428617386006e005a2006606108490a2679d478af9ec9d51db5f9a7605d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
67KB

MD5
b4b711f3e747704ffe02b49791ce8cac

SHA1
ac7ce4cbd3c8ee66e3c8d9d209c1352c160c3b89

SHA256
f65bf40e2f0ce993b54772f703f72d53f0fa925457346fa8ec2031879ffa91d1

SHA512
b738deba57337a9147927f7dd35eab7c999dea6d2ff11f57fdc2e5b6f64326028a54778886548ba128a3f03ee333cc9e43de5162d8b578b85c290626577042db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
5e3c52194345f4783d51cd8e3cea62ad

SHA1
3b2a51fe8c227327b3d1ac58e0ee19b5507fc63e

SHA256
6fbfbde32de29531ab7c8dfa43cca3cee95a3e112f05a5e74e8b179dca020f9a

SHA512
be643b862d8d657339d5508a87b81e6600817214b39accfc37142b3d7fef05f5c6ae835cd26668cc20901f15d0cd5ebe2f2ec73ba101307115adb1b92ed0bb44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
08bbcf743c92a6b06202ed6929ad9fd1

SHA1
f75b884befa91ebf85bb2ffdf5c9312d1b0244b3

SHA256
d3c2f04337e4e8a143351975ea88846134b26545d40714da395bf168776934fa

SHA512
844e470745524f10721d9cd19e077204b486c8ebba63fcf169103bd770455bcd400af4f0e28d45e813ccacda184765a56ee1487a66044c863f3f286e8e2558a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
19455ba6fefdbe0b248fff5b93ca1a2b

SHA1
84ab0a134eb9fe5e457f16708fcc1c47c3302b77

SHA256
5d0fa39c7d02558b36872483dc073189b78c777e7d15e6c10f9b178260c6dee8

SHA512
551a5774b4acfa180b4f2702c6a46ac71126bd00a36dfb66e1a70a685506ac7be5744da4bad87f0e21b7a78da696b62b9b908eacd3d53e2b247049784a905e7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e296ef8b82977ce638cb5d311c186feb

SHA1
2a367f01f72cc7f2aafaca6c7b7a7cfac24478be

SHA256
406472bd0054947e0acf7974c6cb6416ce8fd32ab8c4ccade880ec8cebff0a99

SHA512
a0741495b3b1abc227c9af666ad1a21c8a237d51a32913a932f127b31e2f01d831cd43fdbb8922ee3990236c9be702cd62e758afc8366c6cbf0a8fdefd9464da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cfac61cfa49b6cb30247dae4cbe2f0c5

SHA1
0f5c7c8bf753defc716ac650290f9830ede69b23

SHA256
12d89c91362f08c0b7542ab3470afe88f77b7a7336d76774498326ce102d701f

SHA512
16340e0b95066897b7d6dfe247af289db8325f38e309549ab7abd48d597fe5b12579e021ee50a526bdb5907358b7612eb42d8f50106a0e256e10c1b1e811b64d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e5859c4f5198e5d7499beb0b66ab51f6

SHA1
3e8380b90da2d1858bb3345084e459c3e95ef002

SHA256
ad580fd5b5246ef4b30bbc53520d0cc1dc73ac30c2fa05ceb1b60203de49f4ba

SHA512
3ae09a9d7035c04bf2a74393c49e50cb50dc6cc3e1d3368dc65b48b806c1f42ed676eeaf9498835abc8e99412af5d9aaf4f8dc631a03d155aafc5d7e151aca81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
852d886f30a60b001ee9e16d15da655c

SHA1
713ae02473e2af931fb4455db3be07a00c734e97

SHA256
0c05a4e24bafde15c1c9cfa778ac25eb5552c22b1a589b7b473eebc752a6ca68

SHA512
09625a70076a264b7138dc14f2fe81b0e8ad6cc0ecb3cc4f5d5bd73eb58fab1e2528c5e3a3a40837740895a5a694b94b2fa174a8595960ef122823a4132d4f73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
9b31f42ff0567a957d277d24820b84e8

SHA1
ee589c0241fbe40a8b3c5e0e1046a5d4f7c46591

SHA256
1783d836cf2e54c7607bc20b924c6368fac1a6978e907d145a009c9614d852c0

SHA512
e07f099656f0d509af7befe39283a542264c95d21b82c30b47022a8d7ebd6c79ba02d2cac36b15eb59d695b3e1df63e695d49854801b884f3a819d88e3327bfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
a3599cd1c7834947d795fa5e3895f29a

SHA1
c3e0e2d27140436c4987928fbc1c949a00ee3b4a

SHA256
2bc85079808eddff4e6c038398cc43d4369a50f737a7e91315268a5e52b3eef9

SHA512
30060fae564b9ec0ba5d8d919442d4765b03957ae668247eff590f1464d14c477c08db0b0ae2a4c6510b32eb8c0765cd5e8ed15285ec5a90fe20933535c0fbb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582da3.TMP

Filesize
203B

MD5
9dca6da584d5ea23e2f59e9c4192f6a1

SHA1
9426b01eb633a52ffa83abe0f00bf239cedc3c40

SHA256
44726add8492bcfd8b0086e55bb9eb0ed59ce436b7f0e3d23be1c7000cd590ac

SHA512
6229d6404317cd188253b1d6c2f742e37cc4d8936c4686823e803be65587985f03c66570c1c28ced62154fe6e7b293c3e7597f0af19967c05803b027a0682e76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
832d4acf9eeaafe48285c70fb81d0129

SHA1
27283996dc02e5966afca526552dea483863093c

SHA256
60703c131092a4eaa6c88c720a68cfb2b84f17789699313cf69eb71d98f2f007

SHA512
759651af42cc8c360b2365183eb4abd4088d4639bc9ef8b627384b544073d3bdd11b9d1bea45ae82415f7c44a6f61f3574c16a48c20d43cfe36fffba0ab38a16

Download Submit