89ff07efc37e4ccf5fa7997efb8c52e34431c907154c3387b50ee9ccce656a4a

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 02:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

299852c2071a5173d496e9cdd8eb16c5_JaffaCakes118.html
Size

72KB
MD5

299852c2071a5173d496e9cdd8eb16c5
SHA1

a72274a7af183db00281fa38bccd6e7e4c042d27
SHA256

89ff07efc37e4ccf5fa7997efb8c52e34431c907154c3387b50ee9ccce656a4a
SHA512

1277816486d9e1e3adcec3e39a0fadd21751edb97dc407a2cf8d6d6928cb156e6df3dc5be76008366085bdceb6989a8b713c0f668db6f77ba47c4c5fb87104d6
SSDEEP

1536:/qIP7KUv/03GQQqR0InP7ODo3jFoKmsDDyM/RDE9oSQvGyZoH+MYIZqj:iIlv/WGQn0InyDo3jFtxDDF/xEy5RoHi

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe
1088	msedge.exe
1088	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
3832	identity_helper.exe
3832	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 3176	1088	msedge.exe	83
PID 1088 wrote to memory of 3176	1088	msedge.exe	83
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 1652	1088	msedge.exe	84
PID 1088 wrote to memory of 3508	1088	msedge.exe	85
PID 1088 wrote to memory of 3508	1088	msedge.exe	85
PID 1088 wrote to memory of 3172	1088	msedge.exe	86
PID 1088 wrote to memory of 3172	1088	msedge.exe	86
PID 1088 wrote to memory of 3172	1088	msedge.exe	86
PID 1088 wrote to memory of 3172	1088	msedge.exe	86
PID 1088 wrote to memory of 3172	1088	msedge.exe	86
PID 1088 wrote to memory of 3172	1088	msedge.exe	86
PID 1088 wrote to memory of 3172	1088	msedge.exe	86
PID 1088 wrote to memory of 3172	1088	msedge.exe	86
PID 1088 wrote to memory of 3172	1088	msedge.exe	86
PID 1088 wrote to memory of 3172	1088	msedge.exe	86
PID 1088 wrote to memory of 3172	1088	msedge.exe	86
PID 1088 wrote to memory of 3172	1088	msedge.exe	86
PID 1088 wrote to memory of 3172	1088	msedge.exe	86
PID 1088 wrote to memory of 3172	1088	msedge.exe	86
PID 1088 wrote to memory of 3172	1088	msedge.exe	86
PID 1088 wrote to memory of 3172	1088	msedge.exe	86
PID 1088 wrote to memory of 3172	1088	msedge.exe	86
PID 1088 wrote to memory of 3172	1088	msedge.exe	86
PID 1088 wrote to memory of 3172	1088	msedge.exe	86
PID 1088 wrote to memory of 3172	1088	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\299852c2071a5173d496e9cdd8eb16c5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff807a246f8,0x7ff807a24708,0x7ff807a24718
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9866213716031595237,13655057931000296782,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,9866213716031595237,13655057931000296782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,9866213716031595237,13655057931000296782,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9866213716031595237,13655057931000296782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9866213716031595237,13655057931000296782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9866213716031595237,13655057931000296782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1908 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9866213716031595237,13655057931000296782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2284 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9866213716031595237,13655057931000296782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9866213716031595237,13655057931000296782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9866213716031595237,13655057931000296782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9866213716031595237,13655057931000296782,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9866213716031595237,13655057931000296782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9866213716031595237,13655057931000296782,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9866213716031595237,13655057931000296782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6528 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9866213716031595237,13655057931000296782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6528 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9866213716031595237,13655057931000296782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9866213716031595237,13655057931000296782,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:3428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
341f5f4fd76d3b136b27bb7b716acc96

SHA1
79000f83422e1d8d9fd42890cde3a4e9b71d28de

SHA256
72439419741e9a1c91b426cdaf5d2562e460d69d9deec8024dc8e3283c195928

SHA512
48d9b99a243cfc4920fb46d9a5b9cc186998d6e8f1c721cfa3768e28daa0ebc35babb2938d9464d75af862ca0d197eb5f5c03eeb4993db3d8d0f3d77cd76d62f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
fd7a40cc15da70c4458ec55816c7e3f6

SHA1
50e3355b62b7e98bb62ac6bf908ee797578beef5

SHA256
039b8278d13b0413c6501a014601e45abe9f3beee5085d4beefeca2db620bd02

SHA512
1952deb4623fa13a4b00572595b1b87db666272ce41c3af2ec475d2e9f430fc5b9092b309587542de1edafd5ad587b8b441b3610ba614d76f044edb86406dd60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2e42f1b11cc247687d15e2649a01819e

SHA1
699e13ae83954591aa35aa5d9e2358e549746424

SHA256
221de2c69991df72d19412f18d79250e4a839e06d3f8b1c68f8ec100251506bc

SHA512
9c8ca848a779e60f3875ba8bf18463af228caaa4b541c861221da6b390df1617ce7bfe94ecdd75f3523f5e0024f6c6f12e3b4d9cb6a4cb2ed3dd28dccac9b52a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2b06f7fc77a4cf5f13f895a01a951bf6

SHA1
d616ac4c5c1c95f566a68e29f21ee7792f93c6a8

SHA256
abbb71af0968b6316115ace20d9de8e361a212c11e6a54d501fc1333e096130b

SHA512
4735a9619bfc0a2737088a61e8301a01963bd03969d42264f96ba0bcd33f9cb4368b36e828a46bd88f8216753b761611dd8cdda3530d10e661aa63ca124589f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e34075750b00a8a71d62ef5079c1eba2

SHA1
df713dcc7b5686fad9b316754c2585763c721e53

SHA256
ab9ec3b9fd32900460ca829ffb7c4a877ac07c0d69a5bacb389e039f039db002

SHA512
a62cdb40056c563f56ba2e05e3e902ce0d254094a4b3dc25bbc285e1fb8b4de78e2b2045f5113289203f2aaee9b24f4c0fdc6a48b9acacfb0ab20f93a1f5839d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d61399a8b433471c3aa5a3d10304a7c6

SHA1
eba57f5a1a3cbcfa8e9a36b1b26fdeb17ee0bc63

SHA256
af01b8d6581aaf14de00463d52c4e461a62c1c2d3850a358c44706a45493f63a

SHA512
1148934ba91a891b2b094a485ae4994f22476f21fad4a7bfb9fdaff0170585371aaa4f60aebee301c7d7a5459dfbe62ff1e7a951cfede5fd46a8b4c020c811b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
12ed53d656c0e129b11c45961fe22df9

SHA1
6d2134eb4f89dcd039204f864e3e2b4eb6559d43

SHA256
f936b049712f975de3ad3eb396546e04f24afa691bbcc1ffd542182ca01e9024

SHA512
a481e793204c9005e000903279e023f1d85bc73e4ae05eb5f6cda4f308345208723dd3e03b692032a019017d903460191f222bc8f88335eed57c4574ac1a4524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
cedfdff91c0b2e238b072bab72492bf9

SHA1
bd1177ed4cda96e62c2ffc417eb4e153b5d1072e

SHA256
13ec7527365b0b413fd23a4373b8b229a2b2d0bc4d82078cd2e19bce26503f8e

SHA512
37059e3788e29cafda1c04e0097a3f6692915a555b69db3199999f087748d4217798ef67f72051dba5404c079de6ac67835020e0cf233baff76af9d84d30b67a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
5442e9dd885d092c3ef9083e8cf2bf3a

SHA1
8cacd0a810a338f1610a7f87d6298d29bf23919a

SHA256
fee0615eea17fac09814391d1dd0afde13f2b62dedf12180f738b43645f0adcb

SHA512
7c9e7ac0016a2ad117fb099dd25a772f30f2624a40a6a851004943af941a6df42f98d4f4c0a3371e54915c0b4011eeaae33db786f9d383fc3f666062f4061d23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5834b7.TMP

Filesize
371B

MD5
65a5c471e232a498096a7424246f7e41

SHA1
9d65a8de4e8edd4c1b56f5fd53d99041c0fedadb

SHA256
ea7bb81606cdbdc511f8a330179a7049656b585009920b985a7d684400c4f095

SHA512
a09d31a8dd336a7ab3ab49bb6288e38584c6b020af0e551d480356fd3deb6846da4765d9cba7f0067554048fcd2ba11cd03b2a16c77873d09fc3ec09f0a568d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5b0de2485ec8178b3af8da59389f782e

SHA1
2ffb5c05561de231d0a84f557fe7df3cc55919a3

SHA256
fa8693cf51946c7fed193f41673989e0032bc45fba6993bcaef3157ac3d6e5c6

SHA512
20602f6410ade9f40958a63fc54a86dbbb2dc2e870f417ba5c7effefec321757c1cf8f0af1b63e5f98c09d82e9b0f4d807e2b36f907e8fcf3d06c874e1ae490e

Download Submit