c821b36171e359bdd476f58163c46f99068493e3e6915082a47810df5a8ae7a3

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2024, 04:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdd42b301589be6d2ef9c0d9ffe8e15e_JaffaCakes118.html
Size

76KB
MD5

fdd42b301589be6d2ef9c0d9ffe8e15e
SHA1

075f056cdafc508c93bc00bd572495b0953bb69d
SHA256

c821b36171e359bdd476f58163c46f99068493e3e6915082a47810df5a8ae7a3
SHA512

95fb97803d982aaf400aac74bcc6088d24f23f38868ae4ad766a4bc00cc13517185d6e4a948d474eee27440d59eaab49bc868c8512d75f9ea5fbab6380b510bc
SSDEEP

768:IuVC+slagHgOriWNMayok7jE4fOlD7ZJjY5K0VmRlQyrqmXJtKpu29NEcV2:IuVC3laggxXVOlnjYAQyJtKpDw

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
404	msedge.exe
404	msedge.exe
4636	msedge.exe
4636	msedge.exe
3952	identity_helper.exe
3952	identity_helper.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4636 wrote to memory of 1636	4636	msedge.exe	82
PID 4636 wrote to memory of 1636	4636	msedge.exe	82
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 4876	4636	msedge.exe	83
PID 4636 wrote to memory of 404	4636	msedge.exe	84
PID 4636 wrote to memory of 404	4636	msedge.exe	84
PID 4636 wrote to memory of 2704	4636	msedge.exe	85
PID 4636 wrote to memory of 2704	4636	msedge.exe	85
PID 4636 wrote to memory of 2704	4636	msedge.exe	85
PID 4636 wrote to memory of 2704	4636	msedge.exe	85
PID 4636 wrote to memory of 2704	4636	msedge.exe	85
PID 4636 wrote to memory of 2704	4636	msedge.exe	85
PID 4636 wrote to memory of 2704	4636	msedge.exe	85
PID 4636 wrote to memory of 2704	4636	msedge.exe	85
PID 4636 wrote to memory of 2704	4636	msedge.exe	85
PID 4636 wrote to memory of 2704	4636	msedge.exe	85
PID 4636 wrote to memory of 2704	4636	msedge.exe	85
PID 4636 wrote to memory of 2704	4636	msedge.exe	85
PID 4636 wrote to memory of 2704	4636	msedge.exe	85
PID 4636 wrote to memory of 2704	4636	msedge.exe	85
PID 4636 wrote to memory of 2704	4636	msedge.exe	85
PID 4636 wrote to memory of 2704	4636	msedge.exe	85
PID 4636 wrote to memory of 2704	4636	msedge.exe	85
PID 4636 wrote to memory of 2704	4636	msedge.exe	85
PID 4636 wrote to memory of 2704	4636	msedge.exe	85
PID 4636 wrote to memory of 2704	4636	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fdd42b301589be6d2ef9c0d9ffe8e15e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa94f546f8,0x7ffa94f54708,0x7ffa94f54718
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,15045857885007398072,2805048460670701231,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,15045857885007398072,2805048460670701231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,15045857885007398072,2805048460670701231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15045857885007398072,2805048460670701231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15045857885007398072,2805048460670701231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15045857885007398072,2805048460670701231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15045857885007398072,2805048460670701231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15045857885007398072,2805048460670701231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15045857885007398072,2805048460670701231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,15045857885007398072,2805048460670701231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7060 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,15045857885007398072,2805048460670701231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15045857885007398072,2805048460670701231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15045857885007398072,2805048460670701231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15045857885007398072,2805048460670701231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15045857885007398072,2805048460670701231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,15045857885007398072,2805048460670701231,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6952 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
216B

MD5
eb64e5c7bf8eff4dbb145e53672b0f4f

SHA1
2decbff91660f7a2768936ed3acf454d74749ac0

SHA256
14963b04e06fc239a06a622e0b6309e548165448076d023d35b56e5bd1ef4c4d

SHA512
ef6a999cd1c789ecab44db18d6012613fc5d15a20b0af480ebb04f66867fe592206e22e085f6a6b73cca187db74bf4e4a5360b79d8519e63b871f88f658ee6b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
3ed0c9533f2bd0699217e14d73869f26

SHA1
40cfa9cebeda59b2077945131312b4e12d87c754

SHA256
ffd2c9c2d1ea986a69c8d59d189e0b58444c4b86e3eea115616a775204673612

SHA512
d00e8cb72a015c2eed10a29919edaaa9a89fccc36a326bda9a4cc594d2999a49fe5cf23535f75e598a105c41b66cebb1043a6d534bde9a57853489e5b0863915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
2e3bcfd450516ceee96b3a3110d7c33d

SHA1
a2585657884d753a6aecd16e71ccdda24982b66d

SHA256
c4c6abe392d3bb10307877e43d01dc14f3328daeb322ccaee56c24f90e0f853f

SHA512
58a6c9be7a5f362efe234ec49b861bcf6eea45414d0ea6059403c413943f33800f39a7c46f020a92460102b4ef22063e445131fee9dc1d929a4561c088a15c90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4d136b22639d3b88c6e9e575ffcde96c

SHA1
2eb2021bb1cc68b220e9b1ada38a99ba88b7e0c2

SHA256
04ff0608e8dac6ecfe241241766eaae4739f1b02dfe2cfa6cf556685099dfcb6

SHA512
d4ae11b18043cf07db7f5371e292ce22bdcff43da3901fe532976f54cd567bda5e6b9d0c99cdbeea857310f3f6f486acd293d922400c09976b345b53295cf30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1075da2a4cd9e04e1981ab67fc9b2fcd

SHA1
e981c40c05a4a7ee1d7afa29cc07cef9190af702

SHA256
cf58017420abe050cdd8c38e31a52a7f2223c4fc0127300c80acb1d022c5de6f

SHA512
9e87396a55378deb867ed6cff1591924ca207c1b773342ec8990bdd6495e59b6589a5f9b00fe091d033c9035b15b88b0616134e31f925cc9dd1b5d802297393b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f5eb46c273583f064b85a635f51d4c64

SHA1
220cb052ed1e9607585bcd1c59a8ad0ff1e7b711

SHA256
b2e999ecd397fe4cdbf7023a34d539c63098acb6f840f2715150c38827ca02f1

SHA512
519850863fe0162ed6977b5cde35d1432e5184ec5c30ab3e1bd998e2c1a1fc0b1e2f9008d34f4bc2828e0038ac63f6f88a5dc1ccf173f47d2db404ef9974bc68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d79629954589f54612a7f56d84381659

SHA1
d23202a491152db8d6786bd35b7f546d2e20b251

SHA256
b9b36ec2d92499c6fa2eecf7ee72ea6b7fd1547c9b13e969b0ab368d3e79a784

SHA512
161199b783a73e443b22901ea47c5046df897101abf48fa5c116209b82583dd081b112d61f8de99d9b5cf5ecfb856d078d4153c9d97782bcfb1b03bdea5dbbdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8cfbbdfd93c0a9a23dcad98123c784cf

SHA1
72de3023132a68a4093ff942227c2f3de2577a15

SHA256
55d809177bb5c306bd401be49fc9be9f1b1279490977295adb9ec36fddc194cb

SHA512
fdf50996ca197dadbcc59a5938c0bad1c45a373089c2ff68e04e7d49a5490c41b30c0d96c32e123bf64b3976570aa4bf87fe45dcbb91d8b94b913c0b398d180e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
b0b4029b178f9e888967ab3f0a973611

SHA1
2daef3d3a761d0cf07d7736989e3ac4b81963b29

SHA256
12abbc0417acac405db1c02138793a178465cb90dca73e6d59be298bce6054bf

SHA512
2dcd7e3ee66c924db820d276550cb453529ab6002bc55700cebe38540dc33cb70a5c16c4cc3bfea319a8edc284bb94110837ebdd33c568c59671ff2b8b80ee7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581bef.TMP

Filesize
204B

MD5
45dc702adb7dd77921165f7d42cce4f1

SHA1
e303fa1525501ef45ba02cd2715d457b40aceb3f

SHA256
62e027f14db59a8a08b3da8a2fb550843b0be150f5444b31adf3233f6fe107fc

SHA512
21e73ebfc9a0e364df113f42a564b9e19615a90ca87f23fb59ffe27e0dca1223806723bd158f720811b0adeab2ad7c1890d66a553abc9af8d6790853e2087b98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2bcd50787b1726eae066c2aee3c053c2

SHA1
3be54204f31a43126c6e9a0047afa12bd09342ce

SHA256
cb24408fccde9acffb80a7b2d5418e7b92adbc1edad5a3c3cbb54f2b11f76e98

SHA512
b732b71e14be629372d4802c674d3e6427bbd6053fea3168b138df3cc7c3072043735855ac7978e7580861eb02b7b4dd97ca216837b1ca21cde0863efa3882ba

Download Submit