93bdde5f56a89743a6b998c067e9681fe3249c14339ad5af83786b2c7061cfea

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-12-2024 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d8622392ed38fd3f282cb34a5ba8c5d3_JaffaCakes118.html
Size

110KB
MD5

d8622392ed38fd3f282cb34a5ba8c5d3
SHA1

c576222e981b0f51af7b011b5b633d3705333c06
SHA256

93bdde5f56a89743a6b998c067e9681fe3249c14339ad5af83786b2c7061cfea
SHA512

fc31aa14226ccf0c047e49b90b4964012c82c942d3550024239baf375f61fa3b8f7778182b4ab78919cb43420d6eeff9cb419a238b6fdac6f9c4c066c1a1b7be
SSDEEP

1536:ZXHPoRbEvTuSOKAXjclagHt+o3vEO7ACHssOiwgNcirO8xaOd5PH:ZXvryRR67ACHuiwgNcx8Dd5PH

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
4612	msedge.exe
4612	msedge.exe
4664	identity_helper.exe
4664	identity_helper.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4612 wrote to memory of 3576	4612	msedge.exe	82
PID 4612 wrote to memory of 3576	4612	msedge.exe	82
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 1948	4612	msedge.exe	83
PID 4612 wrote to memory of 3140	4612	msedge.exe	84
PID 4612 wrote to memory of 3140	4612	msedge.exe	84
PID 4612 wrote to memory of 3896	4612	msedge.exe	85
PID 4612 wrote to memory of 3896	4612	msedge.exe	85
PID 4612 wrote to memory of 3896	4612	msedge.exe	85
PID 4612 wrote to memory of 3896	4612	msedge.exe	85
PID 4612 wrote to memory of 3896	4612	msedge.exe	85
PID 4612 wrote to memory of 3896	4612	msedge.exe	85
PID 4612 wrote to memory of 3896	4612	msedge.exe	85
PID 4612 wrote to memory of 3896	4612	msedge.exe	85
PID 4612 wrote to memory of 3896	4612	msedge.exe	85
PID 4612 wrote to memory of 3896	4612	msedge.exe	85
PID 4612 wrote to memory of 3896	4612	msedge.exe	85
PID 4612 wrote to memory of 3896	4612	msedge.exe	85
PID 4612 wrote to memory of 3896	4612	msedge.exe	85
PID 4612 wrote to memory of 3896	4612	msedge.exe	85
PID 4612 wrote to memory of 3896	4612	msedge.exe	85
PID 4612 wrote to memory of 3896	4612	msedge.exe	85
PID 4612 wrote to memory of 3896	4612	msedge.exe	85
PID 4612 wrote to memory of 3896	4612	msedge.exe	85
PID 4612 wrote to memory of 3896	4612	msedge.exe	85
PID 4612 wrote to memory of 3896	4612	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\d8622392ed38fd3f282cb34a5ba8c5d3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0c8446f8,0x7ffc0c844708,0x7ffc0c844718
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11510802149991587424,256020845957645938,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,11510802149991587424,256020845957645938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,11510802149991587424,256020845957645938,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11510802149991587424,256020845957645938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11510802149991587424,256020845957645938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11510802149991587424,256020845957645938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11510802149991587424,256020845957645938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11510802149991587424,256020845957645938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1216 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11510802149991587424,256020845957645938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6256 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11510802149991587424,256020845957645938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11510802149991587424,256020845957645938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11510802149991587424,256020845957645938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11510802149991587424,256020845957645938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11510802149991587424,256020845957645938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11510802149991587424,256020845957645938,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5008 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
20KB

MD5
4b3121a05808b99aa6e0cc12924f77db

SHA1
ee5805bb76c384d1e1667aea2976bd2f4f94c7cc

SHA256
e4fea32bac89d9ad34b13a25b0b4da1321920b2c6be2cabb75ff91bf6109152c

SHA512
9b83d55691b41d2a45a542d163c1b6a47208969720ec1fd15233f29ddcef2243e79895cfcb008767f91b3d1cf3a6288248e8b1ec50027eb96db04cde56cb2605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
d74ec218d442f9f5fc04cd1110b1c0a2

SHA1
2b412c19a122b1219f3c569b4b4ab01844c248ce

SHA256
1b810e0e26d1b6306e8bfd1e15365ce7979ce1e9fce52cc430099a69d63e50f2

SHA512
4591f77a9095c734b380c14f526ea9470949681647c5dc2bd7c147ae6f88f664d93b482133aac0dca0b1f94d50b1c1d2c5bf5d87bfe9121850e685a3dde49a7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
8dfd4bee043e79eb8560f21d301dfcca

SHA1
ef07f152d9fbd47dfff96182940de9f6c5a80fc0

SHA256
1fd30dc3295421c0c2aea7621cbe9ad31a3a1e17bbbf537cb8a41ba9f3531fe5

SHA512
76d2872627ea08da5c003fd67b1e3e14df81660d5a9f6ab4ab6faebe91ba8d743fdfb26d80ccf16e52ce1dffd0eefe251334b72aa04eeb4cc41f2785635df1d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
410a6bae6d379d5c153bbb7b82c8003c

SHA1
17761cf0b1a4d18e6eb52ac96f16f9984f0f5246

SHA256
ff93cbbf7b975746c3189a76b6f56ff6508e7534ef400b285842f166d0e9a2e2

SHA512
c981682a82c12c65edeccc4887d5622748e19eb7381199f994a5be71bb00ae1f943fdddb2847284be491b0cbc9e5e188dba14d32649457d0d9f1c351eadc23a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
eacb558ef727c6bb6f341f81d930caad

SHA1
eec8d8c0fde99b494a1a974fc512257f2a447325

SHA256
1c005877f8bc7a3abe40689bdaf101b3e6af63dedf2160d873521eec6a6be39b

SHA512
4d3e48ebfa2978034fe9ab9e262f342505eb030826b8803a9d84120e3048dfef88f593cdf4b5693fbef68d6ccbbe883ccf5d86351ec75e8f4285949f4e996f20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
36631b37dd36ac0218dc293a989e1bf5

SHA1
9f5d29256ffe3a83afc1504cf158dd5f43827f64

SHA256
ea2c18d08d245fdaf4506198c120fda0889026b7021e6b1f980c22675524356f

SHA512
fefcc1bdfe0c63a543da3d0bb4e66b1baffdc380bdfbf997ef8a17ae9076dde49eafa5699664a5efe22e040bb9e8543b1a27f572967755f46274474b7b5f85bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4de55c5b80e21648254804558d68e8a6

SHA1
fc5932ce13939f9eb40bb1ca84b8df3ff4b630b0

SHA256
2ac1e0bff99517f2106edba37a5b39e1035911556632884cbb173214073c3643

SHA512
49dbafc40669a5dfcebb5844895a8f5a1a4c2c3a3b76fa4d2b30e0fa739363f4863cd9d4c2cf398c959186d971c2a304cccea8d352e844c1e2007a70e7f5f79c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b58e99b18216b8316fe785c10a5a417a

SHA1
b923d48d9dae9b420e2dffebe5b7354a59252f7c

SHA256
b4210cf21b7a6fe10656eca8e321b79c2f34bc95a5252e23dd3952549c727699

SHA512
a1731f9385c327d90bd50ebfc0ca2d35811c1ef6f50f7138bd0f62290a461a134a10b10e5b3f6191a1555aa3f0c4c1fcd7e473ad9061d091d2a81aa79758d125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
064dd52721b3a37b2794a64e781f39ce

SHA1
820e99aafb67b6ab3cf807d9710a6a971a2a0c20

SHA256
b9a3adbc1c0824b16860cf7613c569c087ec406b8c403f9524687d9e327e11a1

SHA512
cf20c2cc54c08ca19824b4365af6400c5b9b62a43e11f1d1ed24ba50128e4dc0386a95616714bae3099137e85004605e0e4ab184dbadcf98024564c67f0f4f99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
deed6d04241bf391744507b12f8a19a7

SHA1
d4a4f65b182838ba8ef64f8e0141d624dc8fcd85

SHA256
bd68862b12d37b6b13f382e3455439c4b5fde2d89ed275ea5e7bb09724aef7d6

SHA512
4edecfef58e1084136d00b2acffa31c161feb9001184adffe15dd21d8489c476a68056bc8574e5abcdcd390548d85a70f05ffceacdb268ca1f62308d8a332991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
3f525eb514bbad68a294b707e4f2220c

SHA1
be3ad21c740865aa238dd127c90020292e35aed8

SHA256
bf82f951f819961cfe2691b49b632b4ec138ec0d3bf691c757d7a591e47fa6c4

SHA512
c302451988acbb3c108347fc8d3e3bf00f8f111a06c50afba9f13d82f349672a2d031d1b1e1d3f2a796ef7a7d2fbf4318f66f3837206caf99dc0cd8b457e8d87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587b94.TMP

Filesize
204B

MD5
e577f3b934b9dfa133accf0650120c34

SHA1
4f1e0850cb104c2581031f51ed731f4ef38e43af

SHA256
b65ca5375827eb276e98057cd21e607e65810b0a29118f0c641d809a08ea2b27

SHA512
ef86d73fd20e5ff55b647dac1fb7a67e9db65031cad271660984570d937e14fda38773d90a46f720bef7624b4e2bfd5c22be997efa63fed9a1512b24d806d635

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c18ba84d-f369-48d9-bd86-6fb15e6827d5.tmp

Filesize
3KB

MD5
d31a5dd19777a0e3735e17619cc31b35

SHA1
b5be7e8bf8f273611ef92bcbf1c221771ff8a893

SHA256
898f78a10f89af0893c3e419314941cdc9a260d3cde2be3fd99e43afb48f25f0

SHA512
3c760814b7ca939b8ddda07b2f1d5240838b5674f729b8bba16c80fefc451095aab9059ebbbd03137c63bcf6c4f5cf4ac7affd83a47ab09540711d1c6f6f85cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a929e69fce0c0087eac51bcc43718005

SHA1
da20f9441daffa514dbbff86b545ce1f9b42e484

SHA256
5301eff4ed9c1338f1ed588e4fbadc01764ce8d3afd6c216376917e6d4937de6

SHA512
130f9b892ee412a4037e3ea16373f35151176a9eaf4dcaaa308c02b3af34048cda123d1f12653c35b3fbc86bceafdc3dabd7121258b6c40016dc2203c667609d

Download Submit