1dca10c3505da5a9b42b440f229066951e4cc97a971746bd1074ee2db4e23658

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-12-2024 18:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dad9bd0e5a7979723c3a0e306f4e68ce_JaffaCakes118.html
Size

282KB
MD5

dad9bd0e5a7979723c3a0e306f4e68ce
SHA1

a27cd43a53bbf5ce4cba62c0661abbdfa229624a
SHA256

1dca10c3505da5a9b42b440f229066951e4cc97a971746bd1074ee2db4e23658
SHA512

6d23e54817ce507f32a022b555e503ace4d17dd9151d77fda43ae1a633bb42d7e1ea6b3b4faceabec60a25ad2762698b1145dab5a6753e0af262fa28b8357526
SSDEEP

3072:OgW6WCiqYxDNvG8rmgcXmNRSz7nLer71BMn3/1BmGgU73VY7RJvfy3dpA3a:CDAXmNR8/VX

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3732	msedge.exe
3732	msedge.exe
3284	msedge.exe
3284	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
4244	identity_helper.exe
4244	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3284 wrote to memory of 4564	3284	msedge.exe	82
PID 3284 wrote to memory of 4564	3284	msedge.exe	82
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 2672	3284	msedge.exe	83
PID 3284 wrote to memory of 3732	3284	msedge.exe	84
PID 3284 wrote to memory of 3732	3284	msedge.exe	84
PID 3284 wrote to memory of 1912	3284	msedge.exe	85
PID 3284 wrote to memory of 1912	3284	msedge.exe	85
PID 3284 wrote to memory of 1912	3284	msedge.exe	85
PID 3284 wrote to memory of 1912	3284	msedge.exe	85
PID 3284 wrote to memory of 1912	3284	msedge.exe	85
PID 3284 wrote to memory of 1912	3284	msedge.exe	85
PID 3284 wrote to memory of 1912	3284	msedge.exe	85
PID 3284 wrote to memory of 1912	3284	msedge.exe	85
PID 3284 wrote to memory of 1912	3284	msedge.exe	85
PID 3284 wrote to memory of 1912	3284	msedge.exe	85
PID 3284 wrote to memory of 1912	3284	msedge.exe	85
PID 3284 wrote to memory of 1912	3284	msedge.exe	85
PID 3284 wrote to memory of 1912	3284	msedge.exe	85
PID 3284 wrote to memory of 1912	3284	msedge.exe	85
PID 3284 wrote to memory of 1912	3284	msedge.exe	85
PID 3284 wrote to memory of 1912	3284	msedge.exe	85
PID 3284 wrote to memory of 1912	3284	msedge.exe	85
PID 3284 wrote to memory of 1912	3284	msedge.exe	85
PID 3284 wrote to memory of 1912	3284	msedge.exe	85
PID 3284 wrote to memory of 1912	3284	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\dad9bd0e5a7979723c3a0e306f4e68ce_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe93e646f8,0x7ffe93e64708,0x7ffe93e64718
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,334775401675305290,4409953035205626331,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,334775401675305290,4409953035205626331,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,334775401675305290,4409953035205626331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,334775401675305290,4409953035205626331,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,334775401675305290,4409953035205626331,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,334775401675305290,4409953035205626331,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,334775401675305290,4409953035205626331,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,334775401675305290,4409953035205626331,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3024 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,334775401675305290,4409953035205626331,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5736 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,334775401675305290,4409953035205626331,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,334775401675305290,4409953035205626331,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,334775401675305290,4409953035205626331,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,334775401675305290,4409953035205626331,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,334775401675305290,4409953035205626331,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,334775401675305290,4409953035205626331,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:4480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
23KB

MD5
abc48fd7cd6c006eb9f9c5719748c9ec

SHA1
1bfee875209e5a39e65213bd25322becf223d1c3

SHA256
862e5db88bc456d003eeb9ecef6021b12a7313427596ba87eb4771020c658f93

SHA512
62d9cd90cef344841d5f5acde94583c36d8541bfb6a61e72b6152d2054770ca3e056d702dc01fe7889a136972a12ce92057d84b9e9082903504cce730ef64594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
20KB

MD5
4b3121a05808b99aa6e0cc12924f77db

SHA1
ee5805bb76c384d1e1667aea2976bd2f4f94c7cc

SHA256
e4fea32bac89d9ad34b13a25b0b4da1321920b2c6be2cabb75ff91bf6109152c

SHA512
9b83d55691b41d2a45a542d163c1b6a47208969720ec1fd15233f29ddcef2243e79895cfcb008767f91b3d1cf3a6288248e8b1ec50027eb96db04cde56cb2605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
9e7d1d5632523a6b5523d7d119b40680

SHA1
d46e09d3e88270e33a12bee2e3e950ce8bab3a03

SHA256
b47e63223b789b09c6da7765aafc9c2bbd31d5ec28d589b3ec7ece7ca070e2fc

SHA512
25508df4175ccc2091e91da3fa303cba82ed3a534b6e91b7f9f33b2f1eda275a7569395c94c69ac67ba6d4944c330ad38847def5e65492f58d9ddadccfc4751d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
6db50fbde843360fdfdd5ec44497ab63

SHA1
eca9581d60374d62a8288934733d39dcebee90e2

SHA256
50a2a733345b29d2aedef1e4d04ec078e443a56e6187a05dea30af969346928c

SHA512
cdb55f12679f088418d531d8afdc5c56be8c21ada02458c5122e04f6e24059f92648aad68b2824fbf20daa7c29f263c6fefe92df318eb8938620f7e0ec1ead6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
031275e2b5203cd74fe1114ec5d8006a

SHA1
e39da5572165150fc2473e9771dd8b925202d942

SHA256
e064621d6b540133f5066e4c2772eca425e99cb2dc50381cb9969ce2e03da7c6

SHA512
13beadbd576475046ec9701196276dce388fdeeaaa170a7f9af41a30fc37e21b7e94dae669ef83f3f550c93f0830bf45a21c4ce3638cf8f48441422ef2719006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5bc2813ad032e204496242474b338e40

SHA1
f83e02afe846b33e04dd0f290a05c82b46c3e493

SHA256
1ebd72825788557725371499de440ab1f70a82b01fef0fc811878de5c940ad06

SHA512
84669b43eba8f9bc1ad7a6624096988fe7b7c2c8485f22fddeec3aaf75847f88092c89c441714762c9c28ea690c5cd8e2bff6cb89af35c4da2fc5f34886cdbe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fa9fafc08d32109925844416cf0f73d2

SHA1
a87f058a5ea9747fc0cbe6f9b5ebcf640e81d351

SHA256
ae4d8ce8ba1803ecce31ae102299ba8fc9c63defc26c59844d280deb19e8e3a3

SHA512
c67d8eb201e6c1aaddb04b10d5c81d6bb2518fc4900f479d6060be311d1e65d89f246e5a1d5051dfe54e00b3eac07160dd18d05b01db5218ea3052d61c11ea5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ab7990bdb51c145f454ed11f386de9f

SHA1
f86d9d7f060b833f0201ec50a7034e3bd34304a0

SHA256
3e25e70df76cb2acb5b99e8dc1c61c52e7c96e85948c25fff75ca82572d226c9

SHA512
a52cee52f81fa639b68c55fb83960b20a11b9c59262a97090e14870166abc5e85b32fc2fcbf3bae51f992a732bbe9794be0de3752c25b600d4e8ff21c480d533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c10c67b70292dfdb2b061705daf7d6a1

SHA1
91074603631d5ff837c10df629a0609e3ec3407d

SHA256
67ccdea1d9767352bfa24be64f244b194cea933c80326afabce85971ae8b9fb2

SHA512
f85107ebb53cc4bb1893524823e9293437acf09398bd112b0de1db1406fafb01e38f4c4b1ee3e839d8baccdc2ef595a7c0ac2708262c20bd4a62ab16f4768d52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
deb6c7b5d1bd726604cde422a413c822

SHA1
dbb5acffe016d5f0d92661286e5d966975e0215c

SHA256
b801978d9a38ee158b3144d27328d611eeab87f9397198225a3a2d366f19e94a

SHA512
d913f608027e015f9e786fd989f3eb791986db61573738cd2daac1e5618a314c485afab761d0ed8273fe620f529e50840bf71d62bfdc4dbfdef42394832151b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
079b62470fa9a1cf5efa9f9a6194fd71

SHA1
eb5f04916ddffb83a97ef46f031eee4beaa61db7

SHA256
79ed3434edfa4869c4149f603945f560e202bc823200388fbf1622aad4d04b77

SHA512
e092647cbc1821e6d4da9ecc486c10a8cd28b201974b6e6e3173f1834fec1f3b1e54dd22ba275fddeec85a94adc643521f1330100f59a1c33379df9b3120c3da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
32140cecb490fbca10fa53e05e8bc315

SHA1
947862cb3e0064fb5d61bb4d67bbf789c506ee1b

SHA256
87b28c949ed81a89b949a817a969acd9e11fdbc2ad6cc85f243e9fdd5edcc8ab

SHA512
1948f357b8e04bb680c6579b9a3a00c9abbfd95ecb5c9c987a62e89b91362a913f763130289805b5201c148423a36e698a8210df6e7cbef91473bbf6dd01610d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581577.TMP

Filesize
203B

MD5
8cc1424e77c3dee7361954cedd9c9beb

SHA1
09ad042d3a86af5d2eeb2346ef357c6eb8614ecd

SHA256
fc8982b17c3d55789742e1dee787c5cf0bfd657586c8099a5be8508725800625

SHA512
ab3920e6ac3f009e004a7aa0ab7cf6bfa85bac746b649266ea090bc6e48e03560ef6eb3718d2f347bc2aa879288505b3a72f14d9516647a8f3132be195920cbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
299d5b188f0355dfbc2d3b3905570a6b

SHA1
8116ddd1703b07e9820065847c6086e1960372ea

SHA256
b78970ad312acb0562d51ab359bfa0ae5c5d16634756a6b1c737499455dd861c

SHA512
eef964defd1cc9600235bab473d5d7faa9d476f292f9e117804b5430e59a87beacc1cf5875f7c090ab7de4bbb5eb2a48598beb0542513b5472d4e5f6518d2223

Download Submit