2153d4faf03919bf87de01ef5ea6d4413381d611844345154af0be3d4eb964f4

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 07:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ead04c1b602fa4c826de0e6af840f5d3_JaffaCakes118.html
Size

251KB
MD5

ead04c1b602fa4c826de0e6af840f5d3
SHA1

706940ba50af734200d2c69407c8579b67534f6e
SHA256

2153d4faf03919bf87de01ef5ea6d4413381d611844345154af0be3d4eb964f4
SHA512

21540318be27e666d8b81ba698831c5e806a179088fffcd6b3e987f41d6313d5c98defe7b8202705cf77c67f19fa9684214555192c3dfd5b1de6b38e76b1cf80
SSDEEP

6144:+ylAhZNt4gqu+dfosndxE/vUrfHS5FKOl3Ff7xdHXK2giFEXme5urlfR:+ylAhZNt4gqDxEErfHS5FKOl3Ff7xdHf

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
968	msedge.exe
968	msedge.exe
4120	identity_helper.exe
4120	identity_helper.exe
5724	msedge.exe
5724	msedge.exe
5724	msedge.exe
5724	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 4940	968	msedge.exe	87
PID 968 wrote to memory of 4940	968	msedge.exe	87
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 1368	968	msedge.exe	88
PID 968 wrote to memory of 4472	968	msedge.exe	89
PID 968 wrote to memory of 4472	968	msedge.exe	89
PID 968 wrote to memory of 2292	968	msedge.exe	90
PID 968 wrote to memory of 2292	968	msedge.exe	90
PID 968 wrote to memory of 2292	968	msedge.exe	90
PID 968 wrote to memory of 2292	968	msedge.exe	90
PID 968 wrote to memory of 2292	968	msedge.exe	90
PID 968 wrote to memory of 2292	968	msedge.exe	90
PID 968 wrote to memory of 2292	968	msedge.exe	90
PID 968 wrote to memory of 2292	968	msedge.exe	90
PID 968 wrote to memory of 2292	968	msedge.exe	90
PID 968 wrote to memory of 2292	968	msedge.exe	90
PID 968 wrote to memory of 2292	968	msedge.exe	90
PID 968 wrote to memory of 2292	968	msedge.exe	90
PID 968 wrote to memory of 2292	968	msedge.exe	90
PID 968 wrote to memory of 2292	968	msedge.exe	90
PID 968 wrote to memory of 2292	968	msedge.exe	90
PID 968 wrote to memory of 2292	968	msedge.exe	90
PID 968 wrote to memory of 2292	968	msedge.exe	90
PID 968 wrote to memory of 2292	968	msedge.exe	90
PID 968 wrote to memory of 2292	968	msedge.exe	90
PID 968 wrote to memory of 2292	968	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ead04c1b602fa4c826de0e6af840f5d3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe121246f8,0x7ffe12124708,0x7ffe12124718
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,2820541115962533442,3594722722914851242,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,2820541115962533442,3594722722914851242,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,2820541115962533442,3594722722914851242,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2820541115962533442,3594722722914851242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2820541115962533442,3594722722914851242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2820541115962533442,3594722722914851242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2820541115962533442,3594722722914851242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2820541115962533442,3594722722914851242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2820541115962533442,3594722722914851242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2820541115962533442,3594722722914851242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2128 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2820541115962533442,3594722722914851242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2820541115962533442,3594722722914851242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,2820541115962533442,3594722722914851242,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6364 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,2820541115962533442,3594722722914851242,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2820541115962533442,3594722722914851242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2820541115962533442,3594722722914851242,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2820541115962533442,3594722722914851242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2820541115962533442,3594722722914851242,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,2820541115962533442,3594722722914851242,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4896 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7006aacd11b992cd29fca21e619e86ea

SHA1
f224b726a114d4c73d7379236739d5fbb8e7f7b7

SHA256
3c434b96841d5a0fa0a04a6b503c3c4d46f1c4e3a1be77853175e5680e182814

SHA512
6de169882c0e01217c4ca01f6ead8e5ebb316a77558e51cd862532dbf9147d9e267f8db667ff6e9fa33164243724f5e437cb882392382f3cae1072dadb762c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b80cf20d9e8cf6a579981bfaab1bdce2

SHA1
171a886be3a882bd04206295ce7f1db5b8b7035e

SHA256
10d995b136b604440ac4033b2222543975779068a321d7bddf675d0cb2a4c2b1

SHA512
0233b34866be1afd214a1c8a9dcf8328d16246b3a5ef142295333547b4cfdc787c8627439a2ca03c20cb49107f7428d39696143b71f56b7f1f05029b3a14376a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
7ccd18cd8c6ba5e50746ff9c5f5585ec

SHA1
c7ce717e3274b250663e321caf944e8243934442

SHA256
b0fa6636ac36db95df926ffb3759be5d1683b5baa40d62839dc8cbbd1961280b

SHA512
eec5cb3a4d97a8360d72181b931084f17b88ce6f91fab6a8e593e18fdea4b546e5d7d9e947b7ca3a364e04fa6b4396279f5cd1768e65c844318fb5ea78bc5741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
bcf9eb88158c9dfcb683cd3a9aeab23a

SHA1
9fb9f6810130de1def5a8d4c88338ada5a35f1a1

SHA256
d3a7560e0ab64822e381a1e92f7b3b92194be6e67438d02a9490e91e3d4638a1

SHA512
e7861bd4ab207183abdbdd9e6b8108d9b830cc5222e709aabc739ecee3aeadf671bf979d8f9b257497c763752028da0f943343a37e29a5e4b6863247b7e00e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0add66c204310cbe8fbd547b3a43a2aa

SHA1
303cd2b27310d054662c2e5c3b915cf24d208c0f

SHA256
d2d2b759e917c2becb1384785a2c5fedfbf7ffb34224e2f4a4647f65b273bfb7

SHA512
58e7fed0c2cf3ac02afc48741f624f755d2c1f008219253f750bbb8132002059f0c345279b89749d94d1bb8a4a23222f0b7db0ad9be3e356896836e475341763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2439bb5822f6a09c7ade70cd27be5731

SHA1
75a11903a90cbe57167668196663e4a71a1cb024

SHA256
aad4c2440633a535e25f09c46702e1daf76352e091ab1a7ee6556e64d13d7b1b

SHA512
069221d08c68fdc5d9ccac9e3cab4aa89079e921218f6e9568bc5460abceaf089df60d5696b9133b63110d1409365c39765048f246017dfc5ac8a6f47e0ed06e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
140d937b9cca3fd9ef499f24258fc2a2

SHA1
415aa9d1db9b17d617ce07882f6c2d410e64b74c

SHA256
613f70d16bdb5dd26460aec3dc593f8c83bfc6e66c611af15f799955091d13af

SHA512
ef3bfca4a7ba77312b010637047092e6e5dc8c0d320137ce14b8b717f46d87f03d830331b682d4c9fd2f531058d0ce61ae7ccd91e875534862b3f6fa5970503f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
59af25e22be4fb88821c2f2ebd1986a5

SHA1
681538cef82721be8b2915918a77d7621f831586

SHA256
bacbccc3c833954e49be992b7c11ebd13b6e0be95be70c541f41aecb74309a50

SHA512
6454f2d93bc42ad62031ef175af435262c4f8e47ae9fd924ecef14013de576097c1b0740fdf0b8e605e355ddcf31bccbf162ca8c73bde12c21abebdc7ec0fb8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
fb634d3d5d5dd93667575155e229891c

SHA1
67897efba7a42e629022a21c16ed5e1c16dc10ea

SHA256
aaf607881e02fe3e850bf4945061da0044a1a4f73cd9660456e277c0b27df69c

SHA512
20fabc486cca3f7001a194ac211072443518556ed52c7395931f78c690114c250c8bf9f8fd0675f14384d8df44001cb661687e2d170a8bdccbd60ff47a5aae82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe592c56.TMP

Filesize
204B

MD5
613c244ade5dc7007f4617b0dcc1c9dd

SHA1
3df1483b3eb8eb7ec22d815eda464047d5cbc8a8

SHA256
ff3b68e44a18b3ba598591aa353c6a7154d92de6de520986ddcdc1db53a4ad89

SHA512
909054a6dca4c1585efd9d5b6b1ff3a83c466417f1939d6daacc01b4aaddc95e81b9de1d63bbf468c183383ea4e06c01bb05fcc56f8e402fcf3489f067ba7fd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c4f3a9cdd5617121f0b581752bbfdcc9

SHA1
314b6c123c4e7a1cf220a9bdb1d7d45d219518d4

SHA256
f3c41ca18ac4a8218bd95121b7ca2bbd8d83d55143fbc53c43739960021e543d

SHA512
5c09814940a24f13d4f76d5a0c9fcf71f3beb71125a62bc132b62411bb6adf69a473db3c0a1e29ec47ea2a87d794561daad5652e4fc84a1d96ed193068c12702

Download Submit