016cd08eb429069129ba662230ed2bb865add4d784379091942369fa2a2f441f

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 18:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87234d582cee2169bfba7d757ac2a8cf_JaffaCakes118.html
Size

55KB
MD5

87234d582cee2169bfba7d757ac2a8cf
SHA1

e769fa8da97a841f78e1a3ecb575f7c33b7cb8b0
SHA256

016cd08eb429069129ba662230ed2bb865add4d784379091942369fa2a2f441f
SHA512

fadd563812f5e66946fc3eccf171a4ae9329a2d1333281223eb1bf77359d82c6142fad277ba1daf04f689dc253f6bef8eb5c2b5ab96ba1132a8ad0046a54c4b4
SSDEEP

1536:/izrJ5G3wRKUtaJQL1soZV5M6nWW0kt7EKLnpF21Qrfu7Lx+m:azN5G3wRKMazoVM6/0ktbLnpc1QrfQLb

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2404	msedge.exe
2404	msedge.exe
1040	msedge.exe
1040	msedge.exe
4348	identity_helper.exe
4348	identity_helper.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1040 wrote to memory of 4312	1040	msedge.exe	84
PID 1040 wrote to memory of 4312	1040	msedge.exe	84
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2136	1040	msedge.exe	85
PID 1040 wrote to memory of 2404	1040	msedge.exe	86
PID 1040 wrote to memory of 2404	1040	msedge.exe	86
PID 1040 wrote to memory of 2300	1040	msedge.exe	87
PID 1040 wrote to memory of 2300	1040	msedge.exe	87
PID 1040 wrote to memory of 2300	1040	msedge.exe	87
PID 1040 wrote to memory of 2300	1040	msedge.exe	87
PID 1040 wrote to memory of 2300	1040	msedge.exe	87
PID 1040 wrote to memory of 2300	1040	msedge.exe	87
PID 1040 wrote to memory of 2300	1040	msedge.exe	87
PID 1040 wrote to memory of 2300	1040	msedge.exe	87
PID 1040 wrote to memory of 2300	1040	msedge.exe	87
PID 1040 wrote to memory of 2300	1040	msedge.exe	87
PID 1040 wrote to memory of 2300	1040	msedge.exe	87
PID 1040 wrote to memory of 2300	1040	msedge.exe	87
PID 1040 wrote to memory of 2300	1040	msedge.exe	87
PID 1040 wrote to memory of 2300	1040	msedge.exe	87
PID 1040 wrote to memory of 2300	1040	msedge.exe	87
PID 1040 wrote to memory of 2300	1040	msedge.exe	87
PID 1040 wrote to memory of 2300	1040	msedge.exe	87
PID 1040 wrote to memory of 2300	1040	msedge.exe	87
PID 1040 wrote to memory of 2300	1040	msedge.exe	87
PID 1040 wrote to memory of 2300	1040	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\87234d582cee2169bfba7d757ac2a8cf_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbf0b46f8,0x7ffdbf0b4708,0x7ffdbf0b4718
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,7009911160079068764,9540214211575976644,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,7009911160079068764,9540214211575976644,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,7009911160079068764,9540214211575976644,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7009911160079068764,9540214211575976644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7009911160079068764,9540214211575976644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7009911160079068764,9540214211575976644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2396 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7009911160079068764,9540214211575976644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7009911160079068764,9540214211575976644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7009911160079068764,9540214211575976644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,7009911160079068764,9540214211575976644,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6984 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,7009911160079068764,9540214211575976644,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7009911160079068764,9540214211575976644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7009911160079068764,9540214211575976644,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7009911160079068764,9540214211575976644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7009911160079068764,9540214211575976644,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,7009911160079068764,9540214211575976644,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6220 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
67KB

MD5
b4b711f3e747704ffe02b49791ce8cac

SHA1
ac7ce4cbd3c8ee66e3c8d9d209c1352c160c3b89

SHA256
f65bf40e2f0ce993b54772f703f72d53f0fa925457346fa8ec2031879ffa91d1

SHA512
b738deba57337a9147927f7dd35eab7c999dea6d2ff11f57fdc2e5b6f64326028a54778886548ba128a3f03ee333cc9e43de5162d8b578b85c290626577042db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
e58f8285ab848676885c13a2cf587e1b

SHA1
51eb043fdf71ee69d9b85645e8819a4367910a03

SHA256
afc27c5b49ff9772fa25b9115788aefdc4bc5b0b3d204e83ef5abc52856af18d

SHA512
8804d39b04e8b0b69b061ae90e505fd7a46e00a7d15e5a13b1a4def501361dc96b87e82a427f75eeffd73638a79d2371c92863fd6db7e6f55cca8ac3e7fac094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
c2c0a97b6ab833860efd08e6bd7003ab

SHA1
e878d87500573ccbca279d5efdc8f84969c1b57c

SHA256
2eca7bf1801465fc5eff590360b9f8136e345e60ef94f05a33dc76055abd74f6

SHA512
81a391b791f51932dccb148ce615dd46e2b2439c1c1866dde53e25825f86c1bc82ae2f0ff9fb16ad18397896565ff4b317c1b5ac63e40a23c796d9b116d746f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
199b8cc396396e5f7185fb9687afc99c

SHA1
3061301e0a93d2765caab44a5b44de595888d608

SHA256
46c73b4f433363d83d493b9b8f3c083a93065d3b36bd232048dee0fbbc9c3457

SHA512
86f7a0f8eb287a787787297d612cb9ea5c1fd56bb2a35858e0601ec9f6486f14988314547564bdd987afd2c046faab6d2471cdb595b360dda2485e18eda3c767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cb7e9d264b9e9bdab8304406f7ac56c4

SHA1
6e6a61f3d3b686bdf5f41c706c8757cf5d801902

SHA256
db695fabfd110a303268f90c3c4cf95dc0652abd371c419bc259263e32f021db

SHA512
9de6b6c8b5fe16401933b9e46caff1d8046d166e4eaeca113cb29fefb45d3466f90df1e82759b196fde88a8564051bb3dc7a6068c4d1bc095c7254f7b3eb1e48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
03d168d5ba21a25582f4e9788e553692

SHA1
bdac9dd80246383b433f72f37e1f7cdb1f64fdb3

SHA256
860083d39f93a87c6fc4f5e6d6aac9e585a49449238556018c2ad6eb711bb1fd

SHA512
0e5ccecb7185b4987ffb965869b6c0caf6e1750302af0ba2ad6418e26935ca7bcc3207961a65123ca360240bd1639679110baa2c3c4ed5bc6bab4662170323f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8bded0d0486597f9693da80c896c68cc

SHA1
6bca202ef0817df4ae99000758fe7aa2a78028b8

SHA256
87bb2cbe8a917650478cdb74e38248061aa9832b8f8d16d2bc8c0b794e66a01a

SHA512
4b1c3b8b36c30e7c44a3f350be4413fbf72eab7b2a07ddebc8c265a7f5120ad1e1d0e9651afa82a59d8cb619b2df2e230da99b8f3dec58ee9d3782cbbf16ee91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
264d6ba22df1f26626f098d694976d93

SHA1
ff0eace1037a2b7604f454bd751e0bb97e393a96

SHA256
7991ac73775718dd76d5552b657d8a5a7d33821d48d805c49af50459c401f145

SHA512
2f651429fdb69ab31f66aa989fbffc2361f9d9db001dc0657495c978b55d6e8a91e7f1deb577b2a47a53759083e60915ff9e017b1d22d662ea98bf03b8b95570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0b7770c465a5ccc707b46d0b82478e05

SHA1
96e907adaa18705eea8c669f91f275f7be2d4f82

SHA256
de5ff41e966d0efbb9578565473ca7f85e1d26d11f7e7a1bed2a1e0f23791c8e

SHA512
a6dcd1aba44e3d41ada20ed1bc0e928f3473292ec735b8160d92432e25a8fc235215f8c045b94833916092c3f61bb7d0af0fd151d7b15917a9f5ee6a22ac5817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580f2e.TMP

Filesize
871B

MD5
ef26bbdef6977e5b27e6a8767bdf32bb

SHA1
948db3f5103f75a8776009ff25d6e3b11d0a951a

SHA256
c58a5606c76592bb44c038887a1ebd370e8b847e7c2cb894558836d8fdab3de6

SHA512
4b128decd65e2ba2abf05ccdda2b83ab021cabc2a6dfacfa636b8625598b926bd61cfdaa52a75d088fceb74485834079352e9fe8fac78f81099daae4f6e0da95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d1c9ff81-d8e0-424c-a3cc-0b6d47e9943c.tmp

Filesize
7KB

MD5
24963c75ec0067265997f2c8835e313e

SHA1
c464e804eb2f15344c3b508a89ba7dd069647d87

SHA256
9445e9d19acfee6714a7da24734000d8c5c7c942de18b352fe4cf46c9014084b

SHA512
ac2b45cc5121b91db3b45e30cd42b976ee80113bebb4d3ba5e491356509c428349626e490cf97db6e4221073eb5571085e26aae0190c8ac73cfce582b8b5d298

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
051c134fadc4f132125b17139c0a0416

SHA1
9188a5cf0cbc37a95f944d998b96ad3cd4020491

SHA256
541525340b1a5d451597121a121766711a9d6eeeb9bfef8518b42888aef73834

SHA512
16c77f1bc646f3461c882a052ca44d6cb684d053b409ec3c898f9c38f65ddc59becf98566c0c410a7153b819a163296858b1b1198d52fe1b3074931ed63dc3b1

Download Submit