198849ea99de44a3e84fd8e34bf89fd01121a39e3882dad078dbdf64afdabf69

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 06:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a9ff2ead47546abbf215d27f388352cd_JaffaCakes118.html
Size

16KB
MD5

a9ff2ead47546abbf215d27f388352cd
SHA1

6babf999cffe0213cb21cb3a420e187b1072d5d3
SHA256

198849ea99de44a3e84fd8e34bf89fd01121a39e3882dad078dbdf64afdabf69
SHA512

fa2ffb10cc2556a4fe48ae8963762cac34a83f49015d4a0ccd3628205b0ae3974282facee18566d217600d12db2e7dae5d5c1c6e821f10473123f78a27456ddf
SSDEEP

384:Pdc4898UBDSt0EeEazNYEI5UQm6KLRF02V:1c4+B4k7IeuKLR/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3556	msedge.exe
3556	msedge.exe
2776	msedge.exe
2776	msedge.exe
460	identity_helper.exe
460	identity_helper.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 4728	2776	msedge.exe	83
PID 2776 wrote to memory of 4728	2776	msedge.exe	83
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 732	2776	msedge.exe	84
PID 2776 wrote to memory of 3556	2776	msedge.exe	85
PID 2776 wrote to memory of 3556	2776	msedge.exe	85
PID 2776 wrote to memory of 4948	2776	msedge.exe	86
PID 2776 wrote to memory of 4948	2776	msedge.exe	86
PID 2776 wrote to memory of 4948	2776	msedge.exe	86
PID 2776 wrote to memory of 4948	2776	msedge.exe	86
PID 2776 wrote to memory of 4948	2776	msedge.exe	86
PID 2776 wrote to memory of 4948	2776	msedge.exe	86
PID 2776 wrote to memory of 4948	2776	msedge.exe	86
PID 2776 wrote to memory of 4948	2776	msedge.exe	86
PID 2776 wrote to memory of 4948	2776	msedge.exe	86
PID 2776 wrote to memory of 4948	2776	msedge.exe	86
PID 2776 wrote to memory of 4948	2776	msedge.exe	86
PID 2776 wrote to memory of 4948	2776	msedge.exe	86
PID 2776 wrote to memory of 4948	2776	msedge.exe	86
PID 2776 wrote to memory of 4948	2776	msedge.exe	86
PID 2776 wrote to memory of 4948	2776	msedge.exe	86
PID 2776 wrote to memory of 4948	2776	msedge.exe	86
PID 2776 wrote to memory of 4948	2776	msedge.exe	86
PID 2776 wrote to memory of 4948	2776	msedge.exe	86
PID 2776 wrote to memory of 4948	2776	msedge.exe	86
PID 2776 wrote to memory of 4948	2776	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a9ff2ead47546abbf215d27f388352cd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9111b46f8,0x7ff9111b4708,0x7ff9111b4718
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2181684060604668558,10561697349309181304,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,2181684060604668558,10561697349309181304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,2181684060604668558,10561697349309181304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2181684060604668558,10561697349309181304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2181684060604668558,10561697349309181304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2181684060604668558,10561697349309181304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2181684060604668558,10561697349309181304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2181684060604668558,10561697349309181304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1780 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2181684060604668558,10561697349309181304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2181684060604668558,10561697349309181304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2181684060604668558,10561697349309181304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2181684060604668558,10561697349309181304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2181684060604668558,10561697349309181304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2181684060604668558,10561697349309181304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2181684060604668558,10561697349309181304,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2d3deedb-028f-4644-9e41-63d889080ea7.tmp

Filesize
2KB

MD5
679c9fc424c256d5b279a706a8ba21d1

SHA1
7b9c3756ae2452d5152395fdfea0542c190536f4

SHA256
1f6ab68f2d561ed49807c09129b100af72109c184d1d64ca257ac1640f69f4b4

SHA512
cf04bfc54b6b675686f7239c8dae852b991932231fbd6193f3162473d6fe4fc6e8f911a18ac8fcc91bff7a80234165b244a8077d6cffa22790d24b5ea46929bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
c70a8cf1d86152b1f1b818275ae8f573

SHA1
eed2a9941310f6562148fccef85a2d7616e4fe56

SHA256
2d2610d730154d757f53112adff7bdb0f665dd8a0f13391195ac90db44544e91

SHA512
c13b800ff70ffb92b33f11e523d1458c158259bba82d38803e759c1edb9aa282370f563ed989fc51f12b4a6190ed85df4a2e8e26b2656a7c51a39d056303b912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2d939ba5fddf33c57ab4e84b78be99d1

SHA1
6fe904d223a4e46d8392626bc1319402b04cb028

SHA256
bb6749b4720e9d999b75520727329b6340e7906239e1d1b024e502fd528a20fa

SHA512
1905f91618c0785b219d5f603a04d0bd69c943d12cc753d55e45ca448c9162cce0eb184acb6eb4b3f20c383bee95fe0e5daa37cc75d3879edf6e7861dd982972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a16be7b4f62edc9a5b7c6c4897fdf7f2

SHA1
98690888a7219c13ccf0686bbd626af6ded1bf7e

SHA256
339f81b5fd8f9d00922165f0d624f9e92f8bba5cbfc7c8072db649fca08c1ea0

SHA512
f40a680f63a39d8fd733649bffe4c013f9bb090c5fbbd8e049f5eea14571660e3c99f4e942f8fdde735d5ba541f14ec77aaf19f869a848db6783754f8c6c87f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
73ba9bfd8fe8fe9d03000bb98df83f1c

SHA1
987cd486531ef4221963f3f59536d73bb55d46d9

SHA256
f5b5b083a79819daa1b3837cf8abd1f11045525df713f12fe2c4bf53ec0004f4

SHA512
bbcc5ac2b2d539645cb31b9c109af83ebe87857a15fdc640e91e91b5bf8fe10b5638e67bacf4066a5aad95d484349cc97e293b3b51fc423cbe266bfe72e98414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f56736881ccd01c40dab5f64a672aeab

SHA1
4996505a0aee867f2afa5a7674eb3c06997930be

SHA256
b5bc6f37e73eb106873b3efcb287b91c7a9eb55a192e024e9d7cfa5a83d6c908

SHA512
f0b0d23d4e3a0ba6926f01bee3d52b9a26f5e5ce6961c0f7890bf768777793ea1d8c83fc3af4cbb4b01ef0830e5bd84f0610bdfdc198eea765957532da15c5e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
8a3dd9cafb9c7d641cce6761924d6a05

SHA1
59aea417cb28043d22af94513f2188b89058d7dd

SHA256
18ab5cc6fb49a84bcc87af8cee711b916ca824a27ce99543af8779171358a3bb

SHA512
6d93990f8c729073a069c84821f29d3c70ade8b469c73db86aa2b1440cd9f682069d1d99db115f78019f4d309eab88c46fe76554203cdda9d72ac19c0feebdb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ac58.TMP

Filesize
538B

MD5
9ba1aedb6a1c73eba5bd1274874695d0

SHA1
057eb1a873397dd9cef9752f1e691f938e55a31c

SHA256
1f3f269c9e8b390fa716e426b381bb999978c533afee775a16460a98c697f92f

SHA512
e18a5308120828fb16f6adc6704fa65b757c240273a39a42ca420c65e50aa4ae2739cb4a224d5ed068b13bb5f6617d3ee2a1236f0b90d9842e0e9ba4037ecb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
13bc26541c7e543f4fad42ddd9cb23ab

SHA1
cb445d5f1c061f7df173a433b754d2c9d68ffe09

SHA256
e9f2e5634e947df3762d1c309bb1225bbfcdc8e04e6919e52be6a16eda11acda

SHA512
622a1d649ce817a7835d23cdfb2493d98665f6e76c2befb777b581f8a1f885065fdd1afe60fb1c162c2f5ff9d562bd4b420e09b5cd6a20e56276d64aa318e1b2

Download Submit