d702733cc2c4afe244a92d02e72113fe7fd4addc9f7725ef98c769977178a6bf

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-10-2024 13:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5227f815d0e3cc6054b3d89042b6ddcb_JaffaCakes118.exe
Size

22KB
MD5

5227f815d0e3cc6054b3d89042b6ddcb
SHA1

f0bedc93cb54ecdf1fb5cdd7197aea2c031343f7
SHA256

d702733cc2c4afe244a92d02e72113fe7fd4addc9f7725ef98c769977178a6bf
SHA512

574298f54d4e71ece0112298718be814e194c928b75e8bf26e8fb98e6acbe5241b4f9b343e4a797796dcb7709e78ced8473c18268d3b7db159f434447a24436f
SSDEEP

384:eNEc6uzctBkLnjibli3ESmMadMGJAFgwgb+8MtUGL9lOCaC1vI3:UoUnjk8DuGLrOCtvI3

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
4864	msedge.exe
4864	msedge.exe
4660	identity_helper.exe
4660	identity_helper.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 4864	764	5227f815d0e3cc6054b3d89042b6ddcb_JaffaCakes118.exe	94
PID 764 wrote to memory of 4864	764	5227f815d0e3cc6054b3d89042b6ddcb_JaffaCakes118.exe	94
PID 4864 wrote to memory of 3064	4864	msedge.exe	95
PID 4864 wrote to memory of 3064	4864	msedge.exe	95
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 3848	4864	msedge.exe	96
PID 4864 wrote to memory of 4976	4864	msedge.exe	97
PID 4864 wrote to memory of 4976	4864	msedge.exe	97
PID 4864 wrote to memory of 4948	4864	msedge.exe	98
PID 4864 wrote to memory of 4948	4864	msedge.exe	98
PID 4864 wrote to memory of 4948	4864	msedge.exe	98
PID 4864 wrote to memory of 4948	4864	msedge.exe	98
PID 4864 wrote to memory of 4948	4864	msedge.exe	98
PID 4864 wrote to memory of 4948	4864	msedge.exe	98
PID 4864 wrote to memory of 4948	4864	msedge.exe	98
PID 4864 wrote to memory of 4948	4864	msedge.exe	98
PID 4864 wrote to memory of 4948	4864	msedge.exe	98
PID 4864 wrote to memory of 4948	4864	msedge.exe	98
PID 4864 wrote to memory of 4948	4864	msedge.exe	98
PID 4864 wrote to memory of 4948	4864	msedge.exe	98
PID 4864 wrote to memory of 4948	4864	msedge.exe	98
PID 4864 wrote to memory of 4948	4864	msedge.exe	98
PID 4864 wrote to memory of 4948	4864	msedge.exe	98
PID 4864 wrote to memory of 4948	4864	msedge.exe	98
PID 4864 wrote to memory of 4948	4864	msedge.exe	98
PID 4864 wrote to memory of 4948	4864	msedge.exe	98

C:\Users\Admin\AppData\Local\Temp\5227f815d0e3cc6054b3d89042b6ddcb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5227f815d0e3cc6054b3d89042b6ddcb_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=5227f815d0e3cc6054b3d89042b6ddcb_JaffaCakes118.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8a9246f8,0x7ffb8a924708,0x7ffb8a924718
    3⤵
    PID:3064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11233204385008098252,11761759184860570831,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:3848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,11233204385008098252,11761759184860570831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,11233204385008098252,11761759184860570831,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2172 /prefetch:8
    3⤵
    PID:4948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11233204385008098252,11761759184860570831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
    3⤵
    PID:1116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11233204385008098252,11761759184860570831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
    3⤵
    PID:3200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11233204385008098252,11761759184860570831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
    3⤵
    PID:4544
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11233204385008098252,11761759184860570831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3272 /prefetch:8
    3⤵
    PID:2704
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11233204385008098252,11761759184860570831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3272 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11233204385008098252,11761759184860570831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
    3⤵
    PID:4244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11233204385008098252,11761759184860570831,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
    3⤵
    PID:4840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11233204385008098252,11761759184860570831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
    3⤵
    PID:2276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11233204385008098252,11761759184860570831,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
    3⤵
    PID:2792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11233204385008098252,11761759184860570831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
    3⤵
    PID:4840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11233204385008098252,11761759184860570831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
    3⤵
    PID:3200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11233204385008098252,11761759184860570831,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=5227f815d0e3cc6054b3d89042b6ddcb_JaffaCakes118.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:3196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffb8a9246f8,0x7ffb8a924708,0x7ffb8a924718
    3⤵
    PID:1896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
eaa4391dc617e478ca2bb95655e40ad1

SHA1
dc431fb503a68e20a343bf385a85adf39790cf7a

SHA256
c9fddf8bdba24b64e82a00539c9a6c4bc7fc93f0c47640eaee557a4f2de5c4cd

SHA512
a50c4b9453e1262a953fb61921963426d73aec459e9fb862dc4348fb24f42f69fdbce86dcf2af4297e54dcaaeb2364526cf7ceb84ce4b1311f2b2ff2377ea13a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
335a3623202e66f497e72e0e012f8463

SHA1
99337e9e0565f53ef700b51e773a77e5e727b741

SHA256
88167e4662af5a656d504f2a96fb25ad15499cb760605771d236a29517d17b2c

SHA512
56f9e3c21661911020343f27e948e2184e72dd0ef12965289ecc26691996b0bbd26b51b4c85b2dbd99e5430539c6a301da92cc6d0c5c4110e0f38fd1ac46aa78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
38237c94a914a06355724b56600112f7

SHA1
900067bb4b74e7984e38c61bbcbded68b46a8e84

SHA256
e5aa6257889a783f2d58ad5326fd3895ff40a4e774df27d2714483eadeca8e7a

SHA512
44d292322748f467c9e99389f3fda2c4a372ccd7ecf5969d9fbee90607e9ff66f0f9cdf666d8838a8b9a4cf9d7054c9f7a7fe7134c14e4f1a3b6b710d2d63919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
372bad8672eff0e9fa36764398bc4aeb

SHA1
06e3dadf8f0e871ad70e74a5ba664b4064b07554

SHA256
33b09bdb0ad6d7cea5b485e87c23c243f93a07ea098f6ed9da4b04d0e5c46e03

SHA512
64dd88e4e11330baa1a48bd8828dcf82926189f6463022da9ae4344676783ddbd9041e3113bcee2c1a6c522c3b5c873cd79462f02ce0bb55c24b1dd3b5369c32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
26426c8451c0de6fe3aa49fa5e19ea27

SHA1
27afe5285f9b6a61ecf01d55b40aee1e7360bd66

SHA256
951706a00c2ddc03b43e3bf889ee0b5015888ce865a66baf39307954f8176103

SHA512
fe9a0b4ba37ad0927a1cb775c65cb9e8760063f3dc77744c71d04e8798d3b21f0938199cdfa88fc2b988ecbcf6f7c4c98a84cc31c0e122b70d980327a031abe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58144e.TMP

Filesize
371B

MD5
65a4089c0518d43bd2aa4fccbf3e4dce

SHA1
1b378887596dcddfa763ee53d9aeeef571e65461

SHA256
f1f55d9ab68beb86182cc14067d5a2e08320df8e0fc4deafba41720ca8f062f9

SHA512
b5c49a20dee0f94c85869d703c5463428060d5e2b1695194703c0635f55ee6b71e8654d301392eb02cd4a0d7b2f41d4e4569cfe5f4f0ca868178d0e9b8ec196a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1cf31d9584651bee557c1464a078c5a3

SHA1
f6adfb053cec6b84c89570239b379ecc7937e65d

SHA256
e6793a5e0e9a0a89e05dc3b547bcb8eacc36a348656b59639a47ba59338d804f

SHA512
e9e00b6367f369ca49feb8851f25445f25cbbcc53afb8bde6d14656757f81db5a5a554b4b1706e404c81940ade6b83c9b8cec6981798ab30b108f79d9b9aa192

Download Submit