7fe7d9b71364ae06c0f6e4fab52067dd6c01b445ca9c3c0d5ddc0e5c46371ab5

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2024 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34ba42a8cbf8aa5bed531c8e59a9c96a_JaffaCakes118.html
Size

240KB
MD5

34ba42a8cbf8aa5bed531c8e59a9c96a
SHA1

6425e31ec445c217542eb9e814d7fa8780a79d07
SHA256

7fe7d9b71364ae06c0f6e4fab52067dd6c01b445ca9c3c0d5ddc0e5c46371ab5
SHA512

204ca83287b854cbd02eff9d45619ab2d1eede7e15825c1c0978dddbf74bd0873c3acd24e5ca8f76469b064e3c3dcf28f7ed2d20e3ad9a60befbdf4679c9d5a3
SSDEEP

3072:A3+HWRZCPBth5rOfhts5exlIWY7RkTPSHSe1yd5:ZHWMtUCykc

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1048	msedge.exe
1048	msedge.exe
3936	msedge.exe
3936	msedge.exe
1216	identity_helper.exe
1216	identity_helper.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3936 wrote to memory of 2136	3936	msedge.exe	83
PID 3936 wrote to memory of 2136	3936	msedge.exe	83
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 616	3936	msedge.exe	85
PID 3936 wrote to memory of 1048	3936	msedge.exe	86
PID 3936 wrote to memory of 1048	3936	msedge.exe	86
PID 3936 wrote to memory of 2204	3936	msedge.exe	87
PID 3936 wrote to memory of 2204	3936	msedge.exe	87
PID 3936 wrote to memory of 2204	3936	msedge.exe	87
PID 3936 wrote to memory of 2204	3936	msedge.exe	87
PID 3936 wrote to memory of 2204	3936	msedge.exe	87
PID 3936 wrote to memory of 2204	3936	msedge.exe	87
PID 3936 wrote to memory of 2204	3936	msedge.exe	87
PID 3936 wrote to memory of 2204	3936	msedge.exe	87
PID 3936 wrote to memory of 2204	3936	msedge.exe	87
PID 3936 wrote to memory of 2204	3936	msedge.exe	87
PID 3936 wrote to memory of 2204	3936	msedge.exe	87
PID 3936 wrote to memory of 2204	3936	msedge.exe	87
PID 3936 wrote to memory of 2204	3936	msedge.exe	87
PID 3936 wrote to memory of 2204	3936	msedge.exe	87
PID 3936 wrote to memory of 2204	3936	msedge.exe	87
PID 3936 wrote to memory of 2204	3936	msedge.exe	87
PID 3936 wrote to memory of 2204	3936	msedge.exe	87
PID 3936 wrote to memory of 2204	3936	msedge.exe	87
PID 3936 wrote to memory of 2204	3936	msedge.exe	87
PID 3936 wrote to memory of 2204	3936	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\34ba42a8cbf8aa5bed531c8e59a9c96a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffa822346f8,0x7ffa82234708,0x7ffa82234718
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,7134640160998890515,13448238069473214089,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,7134640160998890515,13448238069473214089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,7134640160998890515,13448238069473214089,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7134640160998890515,13448238069473214089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7134640160998890515,13448238069473214089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7134640160998890515,13448238069473214089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7134640160998890515,13448238069473214089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,7134640160998890515,13448238069473214089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,7134640160998890515,13448238069473214089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7134640160998890515,13448238069473214089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7134640160998890515,13448238069473214089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7134640160998890515,13448238069473214089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7134640160998890515,13448238069473214089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,7134640160998890515,13448238069473214089,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5464 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
23KB

MD5
c6ee151c95d5bd2339c67eca774449fe

SHA1
c2de7e4a87b91ddd246fee53b8274b35fc55603a

SHA256
65edc4727e2bdb04a0ad28564af17bcf3bd7029811429804d283c8f0e186ce09

SHA512
eb04604f00aba42cffeecf266cc7dbfc096708ebe615ed2141bd422585db26a12b54f9c22041c798cb01e4c3d3e5c70fff935b0c7a508fbf61f6201c3dc678b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
45KB

MD5
ede70f717200a59b4cb831635de913a1

SHA1
d4d6e893ac192b5df087e924ab3356852f8a7bc0

SHA256
c63fbcc69de230e4844cf735ccf668eeaf30e42126eeb464da39c2de6b0b0051

SHA512
b621bde28b90ba97c122677989d994cb5e88fd0906366af1a23ad3f9d9f3b7f2bbef95873f29100433d4068fbbf7ab798505e68deefc118097fc5f76dfc4b672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
e2faa3598f2b43663ce61bee1e1f0cee

SHA1
cd5352e9f959bd3bd38a7f3d636753185094f7de

SHA256
164039851c468c96a2b964f3f59d2b839a4a3f535577e21c3c8167ead7420e93

SHA512
aefb9fab59a55a038486db1b920ea78facee76e5384ebd898f0ac3440575c4ab22714313084b1dcaf94f864b29160faa0d77901180a400d9d620802b905eae4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
1f228c1da99ab97e09c50c39df32b9d4

SHA1
87c575a4b32bc86fbd32b5ca1f9e5721bcf01b17

SHA256
b72a9198cb866c14e090b47e36d330db343561bd988baa938c9e849dc09140cf

SHA512
73d9bb1f10662955ed4770c7c7f8903a059f2e8d52c71079524f6fd9021c610c4b8dc2be553c3d24f38dd68edd50b49a5c6c8ded274c03e4754e5b7427f1fae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0e86d919fc221dd175c10558d8f5abc8

SHA1
9aba227d87afbda048ef0075ff235b2cc0700c94

SHA256
005977dab5bade816c9957d65f4cc8ea7d69321984c87a3dc06c06e4822a084a

SHA512
fae567c87af9228f3c80c27b81e60d235576a71c6ae3bde86111c2bed566b3d31f52179986d09adfa16d434d95e5156fbe88251578a2a159701d478c195e61a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
006597d02eac02e9600c2f59f1955222

SHA1
95f3367963a903ce8353afa1bc68368fcf334dbc

SHA256
867286c2540b2f0598877b74b9424843ea0f2e88cbaa7dc61b3206827c7619d8

SHA512
fb4275d1bd9ab30a2928dbf9eb133807f0c857e47910ef44fbddeee458ff40de2fb9c9f96824fbd21546a6ca5df1a478b4e3e3a27b24528569ed76e72f860f9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
13a52708b85950433cba078ff636c8a1

SHA1
00b30bbaa7d95dbb9fbd5f65f28258f34613b748

SHA256
07cf266def7510f254df0e24a6c69d36ded2d277e83c60572838e71a2fd7de40

SHA512
3368522db80f35fbec1d8c73e63df7968a971deb28b75935750c250d599f08c6e754d33d7dadf9fba5ab090a5c9a6a85cc24ed1a2075cec5fa9039665448df8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
46c666e882f78b06773cdcac09fddabf

SHA1
56b66c080380631c5ce5035581d762ac83e812a6

SHA256
32de19afb9ee1a5e8a08193cb1618b87586be9da1c8639adfaee6549cfc1f10b

SHA512
0769bc5e610c0b00288de71a74ce461382aa01a10ddcc9e74b2823191e8260b51d5223393c909c4133e76ec4850c1912c021d926f4f534dbffd51760656f2216

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
69c3e8cf0411289602f72aabac28987b

SHA1
82b1e8f1ed7904b2e2d5d0ab70a5227e8cfc7c8e

SHA256
ff53692c4069c5763bd017d84837a2715757b6e2c40356bb5d6c3746aed2dfd1

SHA512
c507d9e64208f6ee10314460fc546f76316c19598800cf2777b5942be51b896e60c374cd7fe9a739aa2fa4d4d30e8a9b68faee2b9480e7ac4a5890294d9ade32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
59f804a27fbadb5dc29ab5d28c4a6fed

SHA1
b6fb75609e6ad3b4dca6c2adc3a996d9ee61e051

SHA256
41d6c0dadc1eb5b4a47f2bc673a3c9c623a290289368ae3a78fa0adc83fc0b6f

SHA512
fb0b66e122a9b0595af177124d3671507a9bce5b1762d8b8592a642e8e4b9d4438ead0558cbaed0f519afd8d98ef5006f9439995d8a24c553259dbe8477d3e4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581a2a.TMP

Filesize
203B

MD5
6eeb68f9ef10fd0b755b101831b39e65

SHA1
6545b19624ed14030fc17ab25c187efb6c9f5243

SHA256
2d225a2242cabe794135c76946bee67626a3da91f1c492eee3b82ebcd155ba26

SHA512
09a7d1476a32fca44071d1130e5804f7876512ac7c101275361e8b825e3a89287b60880ea547ef7d5f0d270b3c22435c351104c14ee21467203515bf7b6b082d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
35de83b78295a23d134ed87faa0d3abd

SHA1
aa52a805b3b478c29cea5b813e66c8041fb5c0f2

SHA256
dc4cfb319ffc914e63ec2f2973675cf9e0d74fc6e391ac331a2cec0ceb8075de

SHA512
a4864667356e1f3fe5e7fbf21b3fdd38e48abef4a8a006b6b7235deb26d98904d84eeaeb1db9a8f529ad193d9e109be7547fe3377a81a610c9afc6f79637338f

Download Submit