c05fe0cd3074f820d89a4149f17c0b801f6396a3fa39757aca6b0da3f6a72573

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2024 20:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a81f55dd87563b35aa49efbd561cbd8c_JaffaCakes118.html
Size

57KB
MD5

a81f55dd87563b35aa49efbd561cbd8c
SHA1

8691244c8270331726f4c1fd0fa9c844df1dbab8
SHA256

c05fe0cd3074f820d89a4149f17c0b801f6396a3fa39757aca6b0da3f6a72573
SHA512

1a8588c9869b828843014b6f22478fabd9af632b5110877c9fe783937363390a6cbafeb5684f2b366039e7acdced3ba0ece86cf95cddc3644d3107729e7d64fa
SSDEEP

1536:ijEQvK8OPHdFApo2vgyHJv0owbd6zKD6CDK2RVronZwpDK2RVy:ijnOPHdFL2vgyHJutDK2RVronZwpDK2m

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2784	msedge.exe
2784	msedge.exe
4632	msedge.exe
4632	msedge.exe
4480	identity_helper.exe
4480	identity_helper.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4632 wrote to memory of 4028	4632	msedge.exe	84
PID 4632 wrote to memory of 4028	4632	msedge.exe	84
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 4840	4632	msedge.exe	85
PID 4632 wrote to memory of 2784	4632	msedge.exe	86
PID 4632 wrote to memory of 2784	4632	msedge.exe	86
PID 4632 wrote to memory of 4456	4632	msedge.exe	87
PID 4632 wrote to memory of 4456	4632	msedge.exe	87
PID 4632 wrote to memory of 4456	4632	msedge.exe	87
PID 4632 wrote to memory of 4456	4632	msedge.exe	87
PID 4632 wrote to memory of 4456	4632	msedge.exe	87
PID 4632 wrote to memory of 4456	4632	msedge.exe	87
PID 4632 wrote to memory of 4456	4632	msedge.exe	87
PID 4632 wrote to memory of 4456	4632	msedge.exe	87
PID 4632 wrote to memory of 4456	4632	msedge.exe	87
PID 4632 wrote to memory of 4456	4632	msedge.exe	87
PID 4632 wrote to memory of 4456	4632	msedge.exe	87
PID 4632 wrote to memory of 4456	4632	msedge.exe	87
PID 4632 wrote to memory of 4456	4632	msedge.exe	87
PID 4632 wrote to memory of 4456	4632	msedge.exe	87
PID 4632 wrote to memory of 4456	4632	msedge.exe	87
PID 4632 wrote to memory of 4456	4632	msedge.exe	87
PID 4632 wrote to memory of 4456	4632	msedge.exe	87
PID 4632 wrote to memory of 4456	4632	msedge.exe	87
PID 4632 wrote to memory of 4456	4632	msedge.exe	87
PID 4632 wrote to memory of 4456	4632	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a81f55dd87563b35aa49efbd561cbd8c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe54e446f8,0x7ffe54e44708,0x7ffe54e44718
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,12484779095498082699,4600846465328235684,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,12484779095498082699,4600846465328235684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,12484779095498082699,4600846465328235684,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12484779095498082699,4600846465328235684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12484779095498082699,4600846465328235684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12484779095498082699,4600846465328235684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12484779095498082699,4600846465328235684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12484779095498082699,4600846465328235684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12484779095498082699,4600846465328235684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12484779095498082699,4600846465328235684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12484779095498082699,4600846465328235684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,12484779095498082699,4600846465328235684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,12484779095498082699,4600846465328235684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12484779095498082699,4600846465328235684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12484779095498082699,4600846465328235684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12484779095498082699,4600846465328235684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12484779095498082699,4600846465328235684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,12484779095498082699,4600846465328235684,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4634ab1d-c7b8-4631-9283-a8ae7baeab07.tmp

Filesize
6KB

MD5
a44bb33aa7ac7e09d926f7a85189a7da

SHA1
fe4561c257885f98fe127ed5f082996e8c618531

SHA256
0bffa256834afac1b5d0a6179c466464c44406525e65a366066918c3fbec52f2

SHA512
aa2e80849b31e64dc6470f351481d131a2fbdef933be2a8405b99dd40815b0ef8c662c11d4d0c087595103c32005edce4932e639240ded3e8e7f148558d19696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9caa4343-76aa-4eaf-81da-3e1cb6ba3df0.tmp

Filesize
2KB

MD5
33d9a1bae91ed050fbbe37a924b4d51f

SHA1
7438bfaaee90e557714c17b775ceffbf48706f21

SHA256
d5c379bad4a4b21368e0f9f65716d20be9cb8642834cf1daf3e2b4ddd3940534

SHA512
008b8af738ffd685ed98170f255dde131df101e57dd6cbd54cef6b9d9512694cbd096c2c93e17a416915663fbcadeddb7655f96c7a2240d52960a0d6abd69c19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
b1df0eb239a7ee3c4854e0e585c8b202

SHA1
8d743b63970cc3db58127142729cfa2af5c4c5e7

SHA256
81812ac9a57878042da1be2a6aab0b02266e6e21d6a5b386f099eea2b70c6f5e

SHA512
20d749cd0506ba5d5b35f8968078987235b942ee017b9a6339c243dc863181e39c78432d134c5d8de82895ec8730b3a97e584ebde2e701e426f6c1293d3e67d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8296b9f23ea22a802c7b74d5530c1634

SHA1
58a2301ca9139c5b1a4f9e70f36efe4736618733

SHA256
cbce1fa2ea8509e09cee780c27584c6e0aeb4ff57ab44d52642d5ebdfc57730d

SHA512
459a0d032038eee4f8b612d1451d67f1ada1a761853f86dbc56a5f8791b933edf657f11f1d7e70cb10f2ad88b4f2c3153ed05943c5237dad94d8f50e12fb72ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
869B

MD5
f4bf61d633ea9327d107882f9635ba6c

SHA1
c9116fcad69ba6553e1480f18eb82bac1fe01568

SHA256
1dd2a8617a86208d19444a45519d6da86ceaee49162287e9a6e841e15ed51007

SHA512
ec0b800838c387e7e4dd4a0fe139371fdcb5755394f8d3b6e2560728724ac46e69adaa50f9e5586b328c25cf8751bcdeecf1bb552d6f18c19c2afbf756c341db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
869B

MD5
e28f795fd81b7dda0b8de9fda93f4033

SHA1
6c98a5290e618856e63f1a25df62c196846cc708

SHA256
ab831a5eb4bc88a7bf77b9c195adabf0bc11fb17118422ec67b64230c745728e

SHA512
d80c2931df1c26df586c165c2ceab596c761778d61719ff68ee61ff4a1a9d7d76ec067fd156ba6469b34d82cd3046c8ffb313aaf78a35a01aa29a98df23fefee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5810c4.TMP

Filesize
869B

MD5
f4abd907fd93a450546698583e18750f

SHA1
43e7aa6a46d59da35cc9265ba638ab03f6b359cb

SHA256
3d2facce13f96b855db1478b829f5645d4755b1c5a960ceb12a448965a8342db

SHA512
4f22b580214bc0d050574ecb66ec0fc68c8809e7874428742ca8ceea62be056e916477c1d6158448846b697911f46c2946e98c56a33aa25801d8bbf6e5c05599

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
55189a28c8b3d1f7ab8193b366f85567

SHA1
504aa1745e4cd8e7fbdeb428a2b30d4c6bfbc64b

SHA256
806ef69146f67d5bc42862e2c0d46e519659ca9d1e6819dc43280e2587178410

SHA512
782db68ed9d1fb12dafe1c2f4d0dbcbb6ebf313126032ffc33a46490c0eaf9d7715dc5d5c5802b4157c6dbc837297940c266677b954a37d19ff615dd86445741

Download Submit