96248de56341d65c89f7c5829abcd33e384f1140febee92553c81a19a1162813

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 14:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab5c9e1bba55b23fee8306b86ebd6359_JaffaCakes118.html
Size

62KB
MD5

ab5c9e1bba55b23fee8306b86ebd6359
SHA1

dcc589e674b8d44ca558c4332a40c5cff407a15d
SHA256

96248de56341d65c89f7c5829abcd33e384f1140febee92553c81a19a1162813
SHA512

23d9365fe06a04e2e1a8b357d78757f229ff2fe1df19c7a3b78d126377938476eaae970d93a763b1f37d135713a52722edf958dbb6c1f3848157ff40c0b18cd3
SSDEEP

1536:qkADkAZckABKQbZkAXhTcr0IPGNMxZPdJXxPTQakAr+SvFS5hBNOeXcnTL4cxNLQ:qkADkAikAIGZkARTcr0uGNMxZPdJXxPi

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
4556	msedge.exe
4556	msedge.exe
4880	identity_helper.exe
4880	identity_helper.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4556 wrote to memory of 2840	4556	msedge.exe	86
PID 4556 wrote to memory of 2840	4556	msedge.exe	86
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 2940	4556	msedge.exe	87
PID 4556 wrote to memory of 452	4556	msedge.exe	88
PID 4556 wrote to memory of 452	4556	msedge.exe	88
PID 4556 wrote to memory of 212	4556	msedge.exe	89
PID 4556 wrote to memory of 212	4556	msedge.exe	89
PID 4556 wrote to memory of 212	4556	msedge.exe	89
PID 4556 wrote to memory of 212	4556	msedge.exe	89
PID 4556 wrote to memory of 212	4556	msedge.exe	89
PID 4556 wrote to memory of 212	4556	msedge.exe	89
PID 4556 wrote to memory of 212	4556	msedge.exe	89
PID 4556 wrote to memory of 212	4556	msedge.exe	89
PID 4556 wrote to memory of 212	4556	msedge.exe	89
PID 4556 wrote to memory of 212	4556	msedge.exe	89
PID 4556 wrote to memory of 212	4556	msedge.exe	89
PID 4556 wrote to memory of 212	4556	msedge.exe	89
PID 4556 wrote to memory of 212	4556	msedge.exe	89
PID 4556 wrote to memory of 212	4556	msedge.exe	89
PID 4556 wrote to memory of 212	4556	msedge.exe	89
PID 4556 wrote to memory of 212	4556	msedge.exe	89
PID 4556 wrote to memory of 212	4556	msedge.exe	89
PID 4556 wrote to memory of 212	4556	msedge.exe	89
PID 4556 wrote to memory of 212	4556	msedge.exe	89
PID 4556 wrote to memory of 212	4556	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ab5c9e1bba55b23fee8306b86ebd6359_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ef2a46f8,0x7ff8ef2a4708,0x7ff8ef2a4718
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5779068393308805033,111275937920411631,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,5779068393308805033,111275937920411631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,5779068393308805033,111275937920411631,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5779068393308805033,111275937920411631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2808 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5779068393308805033,111275937920411631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5779068393308805033,111275937920411631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5779068393308805033,111275937920411631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2012 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5779068393308805033,111275937920411631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5779068393308805033,111275937920411631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5779068393308805033,111275937920411631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5779068393308805033,111275937920411631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5779068393308805033,111275937920411631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5779068393308805033,111275937920411631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5779068393308805033,111275937920411631,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5352 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0ca78e7f-449b-4cea-8f29-8b1ac068864f.tmp

Filesize
371B

MD5
e89fc30cb0f3a34c6af1bcf4a7c3b55e

SHA1
7aa49536d03b0dfa3dcf82708340108b820a9e38

SHA256
6abdb5f7657cb026d77df2f9b302902d09d754a20396e0b508099fa91f7c1f1f

SHA512
61d59cced7e7e9eefea50629fbb1276a86430db77ebb2c28037c277b22afb30bfcd683f28d22be3a680de7f9ddcb18bb954cfa8951fe04764a74e3a5238426a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
67KB

MD5
b4b711f3e747704ffe02b49791ce8cac

SHA1
ac7ce4cbd3c8ee66e3c8d9d209c1352c160c3b89

SHA256
f65bf40e2f0ce993b54772f703f72d53f0fa925457346fa8ec2031879ffa91d1

SHA512
b738deba57337a9147927f7dd35eab7c999dea6d2ff11f57fdc2e5b6f64326028a54778886548ba128a3f03ee333cc9e43de5162d8b578b85c290626577042db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
b2599058f0362e310ac60524709e0629

SHA1
38692189f561dc34e2150f86f60eb171780d6d17

SHA256
93fbaa88f6450be1fc5a3ebcbe0faa4d894f1f760299d06b51749519a4a372b2

SHA512
7a0bf8967b5f3c9b358d2f90a697bf70cef7784a86e33bcf489e4aaa45ad4dcdccf9bb0bc893c408cb4092db952a3912b319b2098bce1e86b0e8f8f911a7d7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
50ba55622ebefdb467f9e6cedf7c194f

SHA1
d7bbc6350d5f8483473585305912dafc63978ac2

SHA256
709a4f72ea8c5c17d1ecb37d476c4f7dd095ba5cf59034c0f0ce8c33a6e9a064

SHA512
6341bcd5f294e5dcb8052873c703925b60395e1821ba5e46d78e7dd0ea017ad43477c3369d9a39c6e92273b8c378a164f7f29b2e91b5db590865b3b0b4be8c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
70d97cf5a892e559485432e3cf9c928e

SHA1
99a37aba61ba1b32d649bd12eaef4d247f21f323

SHA256
9210ed47398eb357287ffa256876781034980dc2a226d1bdbd18ec549dbaff9d

SHA512
c3ff414d8765dc882dfbb0e56c0f3186ef2844052163885dc3eebed4fd5c2bad0e40835cf634ce43be7a3db274d67543e9f908e1e1a63793372bc260b9b59965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
61171ab102db176e7940dc5d4c943583

SHA1
bb0b3ae58876c6d7711682c6af83983c303b1565

SHA256
a195d738eadc91ebc73e0dfeafc4d087d44c604e27bc56e1ddd149e9c12334b2

SHA512
090d25fe89ece618818117e4f785edcb438baf13f6ea8ce12661315c256b1f2ba8596caaacc3eddefab95b1104ae153396f082cae994eb5f5fe8e4de2057fe2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
082c8562262a2c105a607c850c55ebe1

SHA1
b2d48513a72b370d88007294885cfe1e7c8deb13

SHA256
d294a22897633707d400db27cdca446812f01451ad0a23777db260b1034c9b32

SHA512
848ded937d3b348abf08349cd7faacd356766736418879ff167738e32a3592d9773911dd3767153e397639718830a86ae7dccea04d66e1cffc5d2417538d979c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8270c109ce6c62779f472cb4b29821bd

SHA1
608262eaa87a249e8fbf8991f9eb433ff175f397

SHA256
2b449c8f8d462dfbfd466caef86f4fdf736722aae5f9037b5dd0eaf9948a7570

SHA512
8abfa0f1d03f84ba0632d821d6213c99a136b38a5ce24c6475e97811f0350dbcc8af33c9d80c1eedcf00149eac064bd38c8ce1d8635656b88de27575cc4607d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e2c4489233393c163f16fb08c2446b05

SHA1
d6af3e75a3612ef8c0704e0c90222835cb829145

SHA256
c7c12b282c33e5bf84868f4908e5de9fcc245a04542c6dcf864573b1a4329d62

SHA512
70f810a55da666e2b5221340381ccf532a1eee9935314da140127f3f4b406951ee2f08d4c663f28e2d1c03b4213c232741eaef4ce08657e56120bbbd0a1dd57e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5b3733bb013fc2c93547afafa977112a

SHA1
45f7d16d3c1028e2bdd8d6f1d19da6a219d3e6b7

SHA256
58cbf24bcc9763ace6bdd8f4cea2619aff9907718a432da38bfc0a215fe4da07

SHA512
acdffd52971705f5c694e6ae3d368c6fca09a54a74a9c7db8c6c0e0f3721747fb6aa1e46d7b242bd694f58d6a54ec4a182accfc3c796c9b0669616298cf52d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
14e4b853ef69390812671f10a66190f8

SHA1
90a14df43323731f63a2cc5de774401ff143d512

SHA256
cf4fce303d1e097fe34648e5f659a9e6353f5e198c8ee20d463ace293d51d964

SHA512
3b9c0f13bc94a51b1e0156069c2520751ecbc1fe9a7853691905a37781c76fc129c7b57f875108b9ba5f589c3da8382891caa75c73f62a5f6583f12c2b2d59a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
75d49a42f2d784d822101b30d6c6afa1

SHA1
cfd1fe665c8bee3dd62fa620e030bb202e167ddd

SHA256
fc6c3b17b69e1a5ce0903453f77317edbb62944c08cbdd60e095e49d60ae4993

SHA512
5b9b84804c59c5df6bc5a77a22f6ba2c249e051ebe0912ac91836802044d7507e7e46ce5b1c94f093448b98e7a717861bbdcb4f86bebaaaba5b8f00c07fa5c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587441.TMP

Filesize
204B

MD5
1f441c2de335d33043c349c44b9ea6ea

SHA1
11a1595da851c8a8b29ece835b5a00dae53146ab

SHA256
ceb6dc0d34bcd9668b05b951c7f3411073434ac48e3fcd6ddbc692ce9727a97a

SHA512
deb6585d8435e44f5bc79c193f67d7ebe7e8d5f4c02893a08cccdd1a7cd0f9ec4cff49a7f8999608e33c7bb4cdbec282aa0b715b532e9707a6abe0286d018f9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d0444f246e2119b5b1eb10b47f8ecd8d

SHA1
be52d14e000c0befed381eb980a9518e500e3049

SHA256
7f3ed295405e379f6cc7b1be3e44eda176c51bdabe7ef28ac01b2c6115b14d9b

SHA512
cf7fa34d6b55ad36aab472041534cd619567b5614987aa50410e49eb59383b266ba615f80d07faf3511ce589f53de34d3873fd43fcc9695fccf476d2ff7e5bb1

Download Submit