a6f7a3e9c426a69199d7469bd56a30d1ff7d8a5eff4f4528523f6f30a5751aea

Analysis

max time kernel
141s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2024 15:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9c74e4199f8ba034f30e1a99f9098b17_JaffaCakes118.html
Size

93KB
MD5

9c74e4199f8ba034f30e1a99f9098b17
SHA1

1204ad7a14fcef9ceff57601a9c1f6db999c366a
SHA256

a6f7a3e9c426a69199d7469bd56a30d1ff7d8a5eff4f4528523f6f30a5751aea
SHA512

8bad1e20bfa5a9179491d4f8d5198bcb9380e2b2884350791ef791d410a7f80443c2932466a3a49d4aff66c81384ec9fc419082b237fe801d4dacd8877651de7
SSDEEP

1536:0HY42JL2rPCOCORd1LjxwoLtOHOnO+UIP8oGzZdzXBoZEnByI:lJKjZZEuO+9AzZdzXBoZs9

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
2408	msedge.exe
2408	msedge.exe
3216	identity_helper.exe
3216	identity_helper.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 8	2408	msedge.exe	82
PID 2408 wrote to memory of 8	2408	msedge.exe	82
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 2124	2408	msedge.exe	83
PID 2408 wrote to memory of 5004	2408	msedge.exe	84
PID 2408 wrote to memory of 5004	2408	msedge.exe	84
PID 2408 wrote to memory of 4868	2408	msedge.exe	85
PID 2408 wrote to memory of 4868	2408	msedge.exe	85
PID 2408 wrote to memory of 4868	2408	msedge.exe	85
PID 2408 wrote to memory of 4868	2408	msedge.exe	85
PID 2408 wrote to memory of 4868	2408	msedge.exe	85
PID 2408 wrote to memory of 4868	2408	msedge.exe	85
PID 2408 wrote to memory of 4868	2408	msedge.exe	85
PID 2408 wrote to memory of 4868	2408	msedge.exe	85
PID 2408 wrote to memory of 4868	2408	msedge.exe	85
PID 2408 wrote to memory of 4868	2408	msedge.exe	85
PID 2408 wrote to memory of 4868	2408	msedge.exe	85
PID 2408 wrote to memory of 4868	2408	msedge.exe	85
PID 2408 wrote to memory of 4868	2408	msedge.exe	85
PID 2408 wrote to memory of 4868	2408	msedge.exe	85
PID 2408 wrote to memory of 4868	2408	msedge.exe	85
PID 2408 wrote to memory of 4868	2408	msedge.exe	85
PID 2408 wrote to memory of 4868	2408	msedge.exe	85
PID 2408 wrote to memory of 4868	2408	msedge.exe	85
PID 2408 wrote to memory of 4868	2408	msedge.exe	85
PID 2408 wrote to memory of 4868	2408	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\9c74e4199f8ba034f30e1a99f9098b17_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecc5d46f8,0x7ffecc5d4708,0x7ffecc5d4718
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,3015397721218251088,17017339966154075080,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,3015397721218251088,17017339966154075080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,3015397721218251088,17017339966154075080,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3015397721218251088,17017339966154075080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2568 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3015397721218251088,17017339966154075080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3015397721218251088,17017339966154075080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3015397721218251088,17017339966154075080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3015397721218251088,17017339966154075080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3015397721218251088,17017339966154075080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3015397721218251088,17017339966154075080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,3015397721218251088,17017339966154075080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7148 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,3015397721218251088,17017339966154075080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3015397721218251088,17017339966154075080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3015397721218251088,17017339966154075080,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3015397721218251088,17017339966154075080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3015397721218251088,17017339966154075080,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,3015397721218251088,17017339966154075080,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
20KB

MD5
4b3121a05808b99aa6e0cc12924f77db

SHA1
ee5805bb76c384d1e1667aea2976bd2f4f94c7cc

SHA256
e4fea32bac89d9ad34b13a25b0b4da1321920b2c6be2cabb75ff91bf6109152c

SHA512
9b83d55691b41d2a45a542d163c1b6a47208969720ec1fd15233f29ddcef2243e79895cfcb008767f91b3d1cf3a6288248e8b1ec50027eb96db04cde56cb2605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c920718d0eecfe7378d0ece2f2b6e823

SHA1
50b015373023e04aba79082fea5581f636240356

SHA256
4bba91253eafacad7dc070614a03ff94ebe539c6b827056b3e0ec39ebe7211bc

SHA512
f8757a784fbc75cd3660d32ab9500b803d1f04244eceb26310cd479ce2d7c1be2259cf45ff097adf417660b7bff4a1879605990b038c3d7cfa4eb2e33f05c39b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
84958d0047ec8b69860ea8d7de896716

SHA1
fa5c90fb0a1f603e7ca2c1d609c8f043df114c66

SHA256
8951c2ab94974426eaaef33384143c38617c5475059fcda2cf470cd845f63b1a

SHA512
fdad0837b049e235b87542167d09e283aa5d8ed11f81d22d0e10eb833ed406a645e8fea55f9fd1b5f99d053fe8b0cb7171e872507968eee7a56c520b7e4d99a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f62406d7c8db5f3f1e408a2b851a0421

SHA1
59ef0820fbe6651c24ad3b15287830ceb290c2e3

SHA256
02b6d081bec3184af3d1120b1dd9fb107281651a65338f8c09c533fba455e10f

SHA512
67feffa482b7a96c9ab779f9f36d7d5fe56b6f3f630a5e91f1ce5545c64683f61d17dc2dd27f90d36d1241525c85e6caabdc096aa4a4fc9c2b44fca1935a46a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6a21ec280dfac9e25730233d084e7e6a

SHA1
ed31bf16736e4428977190bbfd37c32461602118

SHA256
1128df716438f2d298eb991d453c68625fb36586665ceb9c33ce45c7a59b5f61

SHA512
a1470397d8d82280a1c7d913ada617c951bbf5cd9efb84b5df936de769e1d5a450f14e4bb13283f0a5c3f92be4e6ae89e8200fa0daacbd64febd1a7deac08c4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3502cd5fbd3def4bc470dbe78a327e2f

SHA1
b8d9ceb008faaa2b53573c9b783e214906f2dd4b

SHA256
0d848f506dd6a17e000785f7b3ffb7637bdfcc6bc9aa8380126c80f160fe7ec4

SHA512
794e2912540a7d92e397ac15c6a3a9d9d441f77ebc195d1c4c9e857653adc4fb12d81e034c6525ffa4094d698b4f8da28ca67f916a5ac70dce35e6267cb05a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cbcc3fea1476fa22dc05f7cfcc5b9169

SHA1
9a0d7dc0de7d6fbe7fd60080f0f7b54904d6dc0d

SHA256
0a7200c23ec4299338c4584f0aab7a77a5b54624868146b87c8d7b6bb853c43f

SHA512
22ac9fbc942daf3fb334a6b15a601d7dd1c789f99d0abe702218db529f3722273fa0237546d57401b9842f58d5e7636f78fd5e1639090be19b3d885aef0689eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
70a13caf1318f9a8fd38b30968c8894a

SHA1
22e8999da33d0359caf630f3bd667214c0c8a3ab

SHA256
129f6f9988fc3be0b736f5c7f687ea9cfec5480d039df61d189d947fc6db6a31

SHA512
4ba35568147e4620604b35d551121f2b232ba1b3b762459a8a9590f1df896c898f761f24c520d47c21d9827e4baee2a695d328a5a9f3fe2519f32ad234b6ffdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58174c.TMP

Filesize
370B

MD5
ff3ead29f5405b8ef70c00b6e55548bd

SHA1
5ba117b7b3021474b8b53d47149be1d258f3888b

SHA256
d6d668209317aa8dd4d513473aebe0125d4bbfaea5875be75144448b2e6f1a0a

SHA512
6c8a0834e56a4afd03d8477707e665a06202f719e75149c45e0a68ec98a39412f485f3d63c9751d93bd89a987f5db719078962f65a89d092550604f9ba68374b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ba2565fc0189f01e8d14d7bf72a00fd1

SHA1
c882abfd87eeef33890d21373a9572472d18a030

SHA256
3e6c09c0d040c5e1941ea7d4981c093d11e9277eb220ce01783d9511c1617053

SHA512
6ba45c215800c7803b52ec6339fc42f6fd32fff31c2053443714ca6f9cf0bf7e12823b5637c4e6652d59aac8168aedf3f8f0f86858f9c578a57f57c490732bc8

Download Submit