997b1604b7196e3ef75d553e45f355f95adf68fdbe553ccc7eb92351e95d5a8e

Analysis

max time kernel
144s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30-09-2024 00:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff91f73c036795fac56e838ea6323bfc_JaffaCakes118.html
Size

77KB
MD5

ff91f73c036795fac56e838ea6323bfc
SHA1

64619648b5c5de7df024f79ef3a98500d7999506
SHA256

997b1604b7196e3ef75d553e45f355f95adf68fdbe553ccc7eb92351e95d5a8e
SHA512

9dbea07a32bd61162a5f9ac27807340d272fedda647d3d652fd8f9fcf2dd96f9bc83a8c7ef7521a7bf135e653e006ec320ce92050d4cd380909da47dcd333b70
SSDEEP

768:IuVC+slag1ngOriWNMayokOFBAMOACN7ZJjINYm3i5NqmXJtbcV29NG2:IuVC3lag1AxO0MOACBjINPiFtbci

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3212	msedge.exe
3212	msedge.exe
2920	msedge.exe
2920	msedge.exe
4408	identity_helper.exe
4408	identity_helper.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 4500	2920	msedge.exe	82
PID 2920 wrote to memory of 4500	2920	msedge.exe	82
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 2024	2920	msedge.exe	83
PID 2920 wrote to memory of 3212	2920	msedge.exe	84
PID 2920 wrote to memory of 3212	2920	msedge.exe	84
PID 2920 wrote to memory of 3544	2920	msedge.exe	85
PID 2920 wrote to memory of 3544	2920	msedge.exe	85
PID 2920 wrote to memory of 3544	2920	msedge.exe	85
PID 2920 wrote to memory of 3544	2920	msedge.exe	85
PID 2920 wrote to memory of 3544	2920	msedge.exe	85
PID 2920 wrote to memory of 3544	2920	msedge.exe	85
PID 2920 wrote to memory of 3544	2920	msedge.exe	85
PID 2920 wrote to memory of 3544	2920	msedge.exe	85
PID 2920 wrote to memory of 3544	2920	msedge.exe	85
PID 2920 wrote to memory of 3544	2920	msedge.exe	85
PID 2920 wrote to memory of 3544	2920	msedge.exe	85
PID 2920 wrote to memory of 3544	2920	msedge.exe	85
PID 2920 wrote to memory of 3544	2920	msedge.exe	85
PID 2920 wrote to memory of 3544	2920	msedge.exe	85
PID 2920 wrote to memory of 3544	2920	msedge.exe	85
PID 2920 wrote to memory of 3544	2920	msedge.exe	85
PID 2920 wrote to memory of 3544	2920	msedge.exe	85
PID 2920 wrote to memory of 3544	2920	msedge.exe	85
PID 2920 wrote to memory of 3544	2920	msedge.exe	85
PID 2920 wrote to memory of 3544	2920	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ff91f73c036795fac56e838ea6323bfc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6a6246f8,0x7ffc6a624708,0x7ffc6a624718
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17167575341295398512,14694568115879825686,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,17167575341295398512,14694568115879825686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,17167575341295398512,14694568115879825686,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17167575341295398512,14694568115879825686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17167575341295398512,14694568115879825686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17167575341295398512,14694568115879825686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17167575341295398512,14694568115879825686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17167575341295398512,14694568115879825686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17167575341295398512,14694568115879825686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17167575341295398512,14694568115879825686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17167575341295398512,14694568115879825686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17167575341295398512,14694568115879825686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17167575341295398512,14694568115879825686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17167575341295398512,14694568115879825686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17167575341295398512,14694568115879825686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17167575341295398512,14694568115879825686,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5720 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
2bfec172c68787753e75c2bcd6829d88

SHA1
f55c4260ec4456a73d8bbf0139083c1922aa17e1

SHA256
717bcf9863b2dffe903af98c8f2abb785d96c345036a1838f5810ad037339414

SHA512
7f49b0c47778e89aa891afb68a15515c74cf1ccc3834c969a5ab1be022ffd1ef02c783bb7ad9e492436e7ae4f572e03283b24291f7435e5c2d592738ad1d1951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
6d3f1890a02559beb5baaef98f15444a

SHA1
fe30c91c85c1250f588a56f13db3318fb3c5af7e

SHA256
5c25673576f65cace1baa0ba38a18f220fcc450d0ed98938e162e9f32db583c5

SHA512
f97d3af2352f48a412f53020a882d42ca591ec536f2227c2c24c425b7b0a5042a6368d95424612af35e56cc8ae5f00f1db67bef46d3a9ccaea43d75350d8e3a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
1ddb2a5f11a4bf944fae87b21693af15

SHA1
54d63dbb5604355e70d9dbe0590ee676e6bdc0a8

SHA256
211d542ee3686e94d3c8a9f3efe02828dd813a8909236fc287338813a2a59873

SHA512
084d8c3ac4123f7637f264e3fcdc2f183766d4c0bb29fbf69b2d110191d7f51aa83542c74bae17dc2a3499886aaa9a6efc97d21b873dd562e0cc5e4c01054fdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
22dba25b6c09ed0a60db4b69158d6a14

SHA1
aa0eb897272626e31adf8ff27d4cb953927f4e8e

SHA256
fc2a2412edc4aa3070e0d62c5f24f7e87baf15f58b7a57b25ae26b76583c5e37

SHA512
3f97790a434f1ea3d8df16c7f01b0c794ad4ee95c167b46610af81fd27f9cb073092b3d83df314390c3fbab6dc1c65dd021bc1225326ee4af94d8d1b2dbd58b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2d61141eba0a5f352323d309b5d63b57

SHA1
f4a735cb00ef5817ab55ded2c9889ede20a7665a

SHA256
e5451519bbfdd6f127c64782e0701e248570e4c4b394e49ff32ba5e5f86a4b6f

SHA512
580e7fadb18ec5b6849264f192fdb8f4e558e2f601e9a9a72de8b7684997ac7211ea6e9a296651e4252e6bbcd0c7ebedbaa7d32439d3267bcff402a0f7a99166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df087e199cd0429fc1d9fd11f90fc781

SHA1
ed82037e73d37351a9c26bc4740f9dd58c626dc7

SHA256
05bc001e6efc2bb363f180d6f238a65119ec1b7c1cfc83358299627432e76d70

SHA512
3b953321ffbffa972e841b796bd18346c4915ad082570d14415bd727761cd856105f6657c19c860494bc0796b5f8421fa3d57b68b7d8f0cbf0af729fc2a09836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
236a8830a6db94033b820f7c35201157

SHA1
920dcb1d237e37034129d1b30adb01f2f1c96f7d

SHA256
d27356faa207727a9bd3722b51dfde4f90cf35be58fdbccc9619c9e7f6993e5e

SHA512
5c2a0b9e84c8f09e0a7cbe114c318f57a73b56315a96e5ff08f1d843958099c33b74ac76ae3aa59a965fe8dae291b6f769b170dae1d6c74b922c48c7a016142b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
787402d6ca5007adc9a913c834258c0c

SHA1
87a50e85d9d4584af46b17a08a82c7e6dbe9b316

SHA256
aad12b09fde8eeecedc342a51ee6c87f549fabb5d6337923d5b51d8abbb86481

SHA512
cc80d8a004df46ed054dc16c1a898e71a0d3c3d7bdf59b577ef6403a6079e50bca2997ab3afa30c30f2780d7e8c9516d7178fc9b7fd144cf74e7ce5e9e8c083f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
94d35ccd6c1e0d6fecea484cb6affdf9

SHA1
d252251936ffecb281603e0e82116a0db210bc79

SHA256
768718f2d0d303abb21631e0877f8f37e9b9ec394fc448b7752114ccfe510b3d

SHA512
27e5cdee7f7922cb8a6b64d17a653a59f4dcaf0d37e6f380d4c52501ada1cf785e944b9163f76e33f7f6388e1441a33f8ea008401bfbef4607c2275c30dcd5c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e1a5.TMP

Filesize
372B

MD5
154b00bd19097dd09e51b8c9da5d4ee1

SHA1
be01020942752264dd67cef4247529ae3a3c633b

SHA256
010bfbdd2e6b064def158c7a7b81fa4fb639be46588efcfa79ef8b7ddd88ade7

SHA512
d25b738ac31957b0e528923d547f3437a85fd8ffa60ffa4f351567b8c873ba5a22deeeaa2ebbab58c54ac503cf791cd86973fa260f06088f1855fcc12c65e479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
524e140163b71f4a947b7b31d94f3446

SHA1
8331efd6b7d86421a2d0cf21346d80b1a2198441

SHA256
677e2647e065d32f0556fe851a6c19cc79714f30b834fedf16aaa53424f38651

SHA512
715b6b49aceafba1d8797246dbb4461ab9eb0a69aa418f7208e1e99aac7803fcce890c5d532d48702c83e5f1f49c7a4e0b5f7b0990cae9fb2cdfde659e2a2578

Download Submit