67c511104a0157fca15e72d9ed3f112bba2fc9c38c21196a74c9e29609ca953a

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 07:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

be25263e57fe0b9937015ba7a3e7ba14_JaffaCakes118.html
Size

38KB
MD5

be25263e57fe0b9937015ba7a3e7ba14
SHA1

22fad0028168d6a4fedc99a109422bd35e89b94a
SHA256

67c511104a0157fca15e72d9ed3f112bba2fc9c38c21196a74c9e29609ca953a
SHA512

fdecccb263410a9f45625af6a439bd1c57166d933ef17a7493e811bd630d5c3e706ab2786cb33eacbb12fd5f36fac9b8d394fa94855221406b932da530fff86f
SSDEEP

768:UX5X5GQpwvCJE4SU6702i1igaZwPOdCXcSaDDWXpfS6fV/hBs5:UX5X5GQUuSJ70T1igaZwPVMSg5

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1896	msedge.exe
1896	msedge.exe
1488	msedge.exe
1488	msedge.exe
3808	identity_helper.exe
3808	identity_helper.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 3624	1488	msedge.exe	84
PID 1488 wrote to memory of 3624	1488	msedge.exe	84
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 2816	1488	msedge.exe	85
PID 1488 wrote to memory of 1896	1488	msedge.exe	86
PID 1488 wrote to memory of 1896	1488	msedge.exe	86
PID 1488 wrote to memory of 3940	1488	msedge.exe	87
PID 1488 wrote to memory of 3940	1488	msedge.exe	87
PID 1488 wrote to memory of 3940	1488	msedge.exe	87
PID 1488 wrote to memory of 3940	1488	msedge.exe	87
PID 1488 wrote to memory of 3940	1488	msedge.exe	87
PID 1488 wrote to memory of 3940	1488	msedge.exe	87
PID 1488 wrote to memory of 3940	1488	msedge.exe	87
PID 1488 wrote to memory of 3940	1488	msedge.exe	87
PID 1488 wrote to memory of 3940	1488	msedge.exe	87
PID 1488 wrote to memory of 3940	1488	msedge.exe	87
PID 1488 wrote to memory of 3940	1488	msedge.exe	87
PID 1488 wrote to memory of 3940	1488	msedge.exe	87
PID 1488 wrote to memory of 3940	1488	msedge.exe	87
PID 1488 wrote to memory of 3940	1488	msedge.exe	87
PID 1488 wrote to memory of 3940	1488	msedge.exe	87
PID 1488 wrote to memory of 3940	1488	msedge.exe	87
PID 1488 wrote to memory of 3940	1488	msedge.exe	87
PID 1488 wrote to memory of 3940	1488	msedge.exe	87
PID 1488 wrote to memory of 3940	1488	msedge.exe	87
PID 1488 wrote to memory of 3940	1488	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\be25263e57fe0b9937015ba7a3e7ba14_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffe955646f8,0x7ffe95564708,0x7ffe95564718
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,11109868506923963535,7141941916040498352,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,11109868506923963535,7141941916040498352,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,11109868506923963535,7141941916040498352,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11109868506923963535,7141941916040498352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11109868506923963535,7141941916040498352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11109868506923963535,7141941916040498352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11109868506923963535,7141941916040498352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,11109868506923963535,7141941916040498352,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,11109868506923963535,7141941916040498352,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11109868506923963535,7141941916040498352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11109868506923963535,7141941916040498352,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11109868506923963535,7141941916040498352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11109868506923963535,7141941916040498352,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,11109868506923963535,7141941916040498352,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
23KB

MD5
d0007015af7e55b5874b6f7711e9ab67

SHA1
fd514e45401ab3c27d2fded42f34024260086150

SHA256
95c98d45b7481d60c8078e04973ca86a67833927fac958ed6d8c28593454aef3

SHA512
375ea404a1c847f5b5e10803277d6a54fcf22ffdde3f41a06efbf4732858d749488b7ac67ffd9461a3d0b7bfd8f18ad465946cd4123c54383a410db6e699a6df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
23KB

MD5
a0423f1305547bb6b8f5a4fb1a9fc2d8

SHA1
092dcf1fe57e6bb53821eb754e04188ee70602d5

SHA256
6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8

SHA512
b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
4a2565f889a23548c6bf236774019c7e

SHA1
6316725cb11b731bdbde7182f381d27820c3389a

SHA256
f8cc5ee0f754b2325e5f68363cbf020cdd4a94b10cecc747b3cab4c0b5de5b72

SHA512
5c61be1d1b7435717e6e40feaaf5254a08f953f07dfc81be8fb5446d399aaa75d3ec4931149d23b6f015794ca000579facd5abce9ad98e39b8ea51b4e006ace1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
84081d1de1354f77c269426ea38add5d

SHA1
e2f4309fd6b6e9561246f96669be37163e8821e7

SHA256
c8f5dcdca057d3724fa9a27ca37f900ea863696126238228f7108d6ffd004977

SHA512
b7580eb3a47d9d58ae08bd2f9fd83a38a6482258c32e4fc7caf50d26169d8ee4665c14aac06ee7956c10be4254b6db69297ee934106ad75d18bcfe09aa62f3cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4ca858c1e874a7a7121f3c7cb64600ac

SHA1
dea9038879b06e5548d174457f07ccbeaed16324

SHA256
cacec9e6926a94eca7b2421cd7c1054629fbfe18f6e30b05c6e1c32371ba726b

SHA512
6cab0c4ef197a93334714d74e60b594fac4d93c211938e549d03c56f45a7673460648609186389e7745c5799b88bcbeeab385a4b2cfd7a1dbcffc299c4ec67ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
05370d27cfa8618493bc3c18388f43b1

SHA1
532864e0926992eb55b429cf1acfb72b1d5da351

SHA256
51ad6cfe736159a33db92a43637031a226b1c8ee058bb1b5ea8a56ac4efa9428

SHA512
e6cfcf0af66c61a452183d503d94661418ceb26fdf8e0ca48b3aa9cb2d9fb18c50d41240132c34a63be267061242feb4f19fa0115f2b9d8d5fe51e4d2970480b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f0cbc37f29f67e8968456e1001895172

SHA1
7ef33db34221461f1e19362c7339326c7204aec9

SHA256
f92dd909792d64b0b419bd5064f465807cd29d355b83632b767e2b5dd21192ff

SHA512
844df6ba5bdf1a70b7ca717c029b6c3eebfaef3573b5c30d80a01b374c67eec8d46b76b160a0c79c4e5b15e145313e572c9f8c7a70257dacfff9478148b42876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
881b01a478ea0dc8d2c90652eb0be7c8

SHA1
f9c6bd467464a8b58a1e39debfadfe5daf5b0685

SHA256
57d596e8db84785dc3e1857ff31fed0a951aaf70aa02134f405e4e216ed2876b

SHA512
bc1616518ecfd4656bd52b39959c6cad5c0923dc8c169e75db4589f365d8726f0848619fdf3d179970bedcce71c9f98a46465bd19cfa64d7c8b4d3c35c3cf177

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
682826a2b76fbbe12b4618c8f0f1bd88

SHA1
5a988d8be29c67e22f8addfb47f5fe13f0e24f56

SHA256
5aeda07c3dd4f45f5464880e6ce36f6b60d741b28aabfe9f3509eef1cfc4a967

SHA512
564dee64bb50e203551fff74aeef474025aadf06ed3a690db38d89aa553278aa5396ef2575212c7f5f69283c548943db81662c008c3f905e5fb52faf3e71ea60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
15e256b2ca99e219d8eada77635c2f47

SHA1
07dbc1ab25fa535c86c13f59664b3b19f03c8507

SHA256
af1c29c48f5b04b323adbee58980afc93867a12dafaa70706722791b1c3d2958

SHA512
393dd80d416da47414fc9d5b3d49a7fb34303096b664248439b52f457a18261234fed6cd5cef98f8d5da8a56adb02ab4d04e15c09e780744306360f91f0eabe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581373.TMP

Filesize
203B

MD5
a7363a69c68c3d3f1626adf515775a21

SHA1
d9b5e10dfd701cca0d4cffcb11d12b515abc3397

SHA256
1a40ad60737a906c633232ba67c079761d7c0fa604cdd20a49ef0e92f2ddbf3c

SHA512
8925d4052cdbfb6b8d0ce44c069322e0e1952c91d3161c8c61235aaa3e346691853ced7dd983c05061316b82286902d3632a545e94f9f91f162926ae376ced07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
96cbb45eec1f7c6b3022de13ce0ee266

SHA1
0968280105d863f83b7f15b8451488eb0548f49c

SHA256
5c0198f7abdb00c3185ae25173c9164d027f5dff06c2be613c8ead92885e565d

SHA512
a1f7be15f9920fa6df524519b5b01546c67a1f88bf69456e0a2262ee706569e585932d47a6fcaa261a96fbaba1e15a5b1c3e832a72831d86aea8919bdbe6eadd

Download Submit