dd91c6bad4f41243743b783fc80418bdf1f2ec92dd3a300e0e64af79806d2726

Analysis

max time kernel
146s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-10-2024 01:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71bbcd5e836ee570c11fa28d07fd3ca7_JaffaCakes118.html
Size

134KB
MD5

71bbcd5e836ee570c11fa28d07fd3ca7
SHA1

23eaf7ec24f1a01b1a0d2521e2c6c691d52391d0
SHA256

dd91c6bad4f41243743b783fc80418bdf1f2ec92dd3a300e0e64af79806d2726
SHA512

04c0d2fb1f24fd2cb61b3b256f19e3c65e45d00dd002e8ea4b7e14ac1a7e082f8f832658578ab1f7b357d58f4cd7c49e23be5ebf098778186116f52f1d995445
SSDEEP

3072:Smbl9Jriodah/sDrvV8XcbqiBktMfDkFqS:SQXJVBk8S

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1256	msedge.exe
1256	msedge.exe
5080	msedge.exe
5080	msedge.exe
4572	identity_helper.exe
4572	identity_helper.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5080 wrote to memory of 1548	5080	msedge.exe	84
PID 5080 wrote to memory of 1548	5080	msedge.exe	84
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1636	5080	msedge.exe	85
PID 5080 wrote to memory of 1256	5080	msedge.exe	86
PID 5080 wrote to memory of 1256	5080	msedge.exe	86
PID 5080 wrote to memory of 5004	5080	msedge.exe	87
PID 5080 wrote to memory of 5004	5080	msedge.exe	87
PID 5080 wrote to memory of 5004	5080	msedge.exe	87
PID 5080 wrote to memory of 5004	5080	msedge.exe	87
PID 5080 wrote to memory of 5004	5080	msedge.exe	87
PID 5080 wrote to memory of 5004	5080	msedge.exe	87
PID 5080 wrote to memory of 5004	5080	msedge.exe	87
PID 5080 wrote to memory of 5004	5080	msedge.exe	87
PID 5080 wrote to memory of 5004	5080	msedge.exe	87
PID 5080 wrote to memory of 5004	5080	msedge.exe	87
PID 5080 wrote to memory of 5004	5080	msedge.exe	87
PID 5080 wrote to memory of 5004	5080	msedge.exe	87
PID 5080 wrote to memory of 5004	5080	msedge.exe	87
PID 5080 wrote to memory of 5004	5080	msedge.exe	87
PID 5080 wrote to memory of 5004	5080	msedge.exe	87
PID 5080 wrote to memory of 5004	5080	msedge.exe	87
PID 5080 wrote to memory of 5004	5080	msedge.exe	87
PID 5080 wrote to memory of 5004	5080	msedge.exe	87
PID 5080 wrote to memory of 5004	5080	msedge.exe	87
PID 5080 wrote to memory of 5004	5080	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\71bbcd5e836ee570c11fa28d07fd3ca7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe16a46f8,0x7fffe16a4708,0x7fffe16a4718
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13833819566985825534,5621712266352597476,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,13833819566985825534,5621712266352597476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,13833819566985825534,5621712266352597476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13833819566985825534,5621712266352597476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13833819566985825534,5621712266352597476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13833819566985825534,5621712266352597476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1796 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13833819566985825534,5621712266352597476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13833819566985825534,5621712266352597476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1976 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,13833819566985825534,5621712266352597476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6236 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,13833819566985825534,5621712266352597476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13833819566985825534,5621712266352597476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13833819566985825534,5621712266352597476,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13833819566985825534,5621712266352597476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13833819566985825534,5621712266352597476,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13833819566985825534,5621712266352597476,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5516 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
20KB

MD5
05197e9427acea2ac4dc812f97a8f078

SHA1
3d2a38b79da52e57783360f195ac3e7c85edefd8

SHA256
7bdfd36b4f017340dbc84a310014381bfd3028416ff21c54f7ce0a35cfd38191

SHA512
084d4febc28358d3ba6b0bef400f637b7f350381b8b592b1e412dd860d5aaf034c03ecfa87a064cb19dd8a42faade23c260e35a8660791011b7e51b726418ead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
943b2cbc169952825a83c4ad375c2269

SHA1
36a83182d83ebc01b76ee660dac9469b56bf5c16

SHA256
04b246b84acb75cb68742b38555c6a42f92a152b3285babdc739dfa7e20ef550

SHA512
ef441bf10fb12757cd3b533150b093529365c74c54a0728d3ee9744b8226ba7fbf460c00dcef011fda48240439562dfbdefce7b80d7062fde004db5ed1bb3c2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
76fae78f120b014d1873da6d1d2f9445

SHA1
8b1a919ad1e41cf4d1abf85b0ec98064633ac155

SHA256
897745d12ead0d364dbda4053a80176c3c10f503dfe0f4ebb3054c780fa48ff5

SHA512
6e8f1b74bda52be417e4627eb68e41bca030bc7f91f3b06b67b6e8451a3ad3eb0412010d35da30360633372bb5c6ea8d989322baf2e118b809572d3abd5a071c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0eff7bf9b46ddcd8e509bbf3e988b9a2

SHA1
e9b79b0a44bdc56baa0eb5029abcd8a50a525ceb

SHA256
e35a1c8f7027f5d242882f35137f2e5b6de1b560809724f172528d3223afc173

SHA512
000d4906d4793fd19956d5e92c2c6cd8336897fab4b57b77f91b9ebdcf5072fd4d7202c521a56ff603cb7037014187f584236a72d51d32c57a9f558fef9daa51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7cbe163b6627cccb3bd92a5a53d0b107

SHA1
cd98b7c49ebd66f124475c8ce5d5397603bc83c1

SHA256
cd6888d833dbe84e2dcaf0af363a31ed85110ecc3500ea43d699b9c3be6dea40

SHA512
2db5f8db9d266947d358d17095a69eb14a026f33cd2207413714cdf612f732d7677235995183e518747e602cfe3ffc2d0f8bf4c222cb3bbe3f4a9f4a56f0ebbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
994833102abb762ded2402b6deb81362

SHA1
310fd6482e93f175d4013cdc83f7c3b16b8c3b68

SHA256
b4d6131d11799f339b10e7905d1061ab6a54a2009ec282cc2f08b5fd1adb8efa

SHA512
1efb95962a48842be4237abe32142108513a21cde40dfc1751132507d74ed780cb545595ebfd05a7e83a8a62f98b4048d7a2d82cb122db970e0b09436d2e7e96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ba16c530c8c76dc94f85cc968d7f202a

SHA1
0fa8f25d9b5ef279aa7a51e01a198096ad19ef58

SHA256
4beba051a9cf4cc65d7355114d6c420eba34d758774aea18160d9b66d1239b49

SHA512
f2e1879e42e7eef7f1f9404abbcfcfa9dd5a09522cfde095ece0ef484698a9f6e24aacae9096ff575aa7628edfc9986c448796188d2770100f4c7697a0c60694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
41bb7097bb19bed67a15eeca4ea83600

SHA1
f89cea3b9f8a47e760930917e54beb27576cde0c

SHA256
d2faee943c4e25e8dc1836972ef50ead26c0de8650284d6da41366848a875370

SHA512
79b4ee6b6f4a5056156e10eaec0176bb8f8b3fef40a1727c5788b6373d14f92b01ae4c1cd973d4d3f51f047fc74f6aa5377a98aaa82bee54749eddafef39a7d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
bea8d076a8661b2655c23bfe3c11632c

SHA1
0ce786105ede0667b421dfe2df93ffd1fee0a581

SHA256
a875a11f383f2f589ce18f3eef68f628d03364d4ab043ac1cee4cec29c9da57f

SHA512
63e00e3ea647141cad02be20bf3bbe53b03cb9513cfa95b67e152ed791dd5507e5c6654d5f66f9fdb10caa2ed87dd08b0f6816d56a2d9b68d54b3567fd0d3915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588ebe.TMP

Filesize
370B

MD5
55c8680eb4ec5956ef2057e1a7560cf1

SHA1
2ced53986edb3cb03c6ff7e56171cacaa09e8bbf

SHA256
0891cba6793f61898bdaa55ffec15de43e7a1cb693ff4df04759a289fc330cd2

SHA512
892c2ab9453a4f6e1b2918357a1c743cbedbb76748d84bc80b68decbbb757248a8b632c1335c1f4bb217d1d1f2151f9039b11b9a3a8846a6174e6af7b558759d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
96ce0d263a73187618913c7c4859c562

SHA1
e7950cefd0995ef3d3ca28642c0423eb79356af7

SHA256
5abaa38db5ae1835e2f51e6a1e9626692e1d94d6faaef0d8e812fe88ddcefa50

SHA512
612c2e5539ebfec428e9de4aefbd3cfd61c23c2eef0708f183a0d12fa783e52d7474f9ae3dff2421ea4998ad5f14b6b0b9c4f9b5fb1bb7ec9ca8c371dc26d780

Download Submit