d9bdcd99c5332ae3a3914178af6729b7b9d8a7c90c64f234aa1863be777c3ad1

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27-07-2024 23:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02eb20f6c57411722d6f70faf2339740_JaffaCakes118.html
Size

296KB
MD5

02eb20f6c57411722d6f70faf2339740
SHA1

39012eb627990cd3ae067ebcbf1bfa3dae7c6fd7
SHA256

d9bdcd99c5332ae3a3914178af6729b7b9d8a7c90c64f234aa1863be777c3ad1
SHA512

c3a7aa188f9868b5031d461019e40c40180edf1a52867e9a0febff8df9c46e43e001341a709dba4e5952c30ff2993609038524aa052cc6a463fd3175f244b859
SSDEEP

1536:ND+SbTTF1SjTmFNkltM/jVII3IbIre03zHmN6oZkJLnvioIinOu3G9dE6AwBCCbR:J+SbTTFJFItCVI2i3CctiTCH

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3672	msedge.exe
3672	msedge.exe
2416	msedge.exe
2416	msedge.exe
3656	identity_helper.exe
3656	identity_helper.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 4952	2416	msedge.exe	83
PID 2416 wrote to memory of 4952	2416	msedge.exe	83
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 2716	2416	msedge.exe	84
PID 2416 wrote to memory of 3672	2416	msedge.exe	85
PID 2416 wrote to memory of 3672	2416	msedge.exe	85
PID 2416 wrote to memory of 3448	2416	msedge.exe	86
PID 2416 wrote to memory of 3448	2416	msedge.exe	86
PID 2416 wrote to memory of 3448	2416	msedge.exe	86
PID 2416 wrote to memory of 3448	2416	msedge.exe	86
PID 2416 wrote to memory of 3448	2416	msedge.exe	86
PID 2416 wrote to memory of 3448	2416	msedge.exe	86
PID 2416 wrote to memory of 3448	2416	msedge.exe	86
PID 2416 wrote to memory of 3448	2416	msedge.exe	86
PID 2416 wrote to memory of 3448	2416	msedge.exe	86
PID 2416 wrote to memory of 3448	2416	msedge.exe	86
PID 2416 wrote to memory of 3448	2416	msedge.exe	86
PID 2416 wrote to memory of 3448	2416	msedge.exe	86
PID 2416 wrote to memory of 3448	2416	msedge.exe	86
PID 2416 wrote to memory of 3448	2416	msedge.exe	86
PID 2416 wrote to memory of 3448	2416	msedge.exe	86
PID 2416 wrote to memory of 3448	2416	msedge.exe	86
PID 2416 wrote to memory of 3448	2416	msedge.exe	86
PID 2416 wrote to memory of 3448	2416	msedge.exe	86
PID 2416 wrote to memory of 3448	2416	msedge.exe	86
PID 2416 wrote to memory of 3448	2416	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\02eb20f6c57411722d6f70faf2339740_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae1a346f8,0x7ffae1a34708,0x7ffae1a34718
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,17455342376439043511,1473326921163918438,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,17455342376439043511,1473326921163918438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,17455342376439043511,1473326921163918438,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17455342376439043511,1473326921163918438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17455342376439043511,1473326921163918438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17455342376439043511,1473326921163918438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17455342376439043511,1473326921163918438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,17455342376439043511,1473326921163918438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,17455342376439043511,1473326921163918438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17455342376439043511,1473326921163918438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17455342376439043511,1473326921163918438,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17455342376439043511,1473326921163918438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17455342376439043511,1473326921163918438,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,17455342376439043511,1473326921163918438,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4816 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c00b0d6e0f836dfa596c6df9d3b2f8f2

SHA1
69ad27d9b4502630728f98917f67307e9dd12a30

SHA256
578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1

SHA512
0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54f1b76300ce15e44e5cc1a3947f5ca9

SHA1
c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7

SHA256
43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24

SHA512
ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
67KB

MD5
b4b711f3e747704ffe02b49791ce8cac

SHA1
ac7ce4cbd3c8ee66e3c8d9d209c1352c160c3b89

SHA256
f65bf40e2f0ce993b54772f703f72d53f0fa925457346fa8ec2031879ffa91d1

SHA512
b738deba57337a9147927f7dd35eab7c999dea6d2ff11f57fdc2e5b6f64326028a54778886548ba128a3f03ee333cc9e43de5162d8b578b85c290626577042db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
c04b9ec53856ed740714791dce6a756a

SHA1
6ad581db280bbe77f16bccd77564a4f5f6dfd003

SHA256
8d62a8222d6966e623cb2dade252a7d22c71977d3319ec9b20d3cb10b6614505

SHA512
78edfdcb60eeb5ffff58dd6a2c4f1a8521420316b03e46376ad6b9deb887a4cd216abf7719a0ab1daee1718ebb2099c814aa2b19b12501dfed611a04d3aa46a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
79873efdf1628727192230ac598cbdfe

SHA1
11f6e684d1a631096eeac3487e7bca6af87a1743

SHA256
1946424eac07b8a05ce76f61c939dcfba13655104d17bd7f4b249ae11c3331de

SHA512
ff014af6134221425b43d64b347f292b35b2cb207539820ca559de6e13b6e979a5ec6de604c20c948bca0606f09b81e888e2c7aacd6c0fcf2706075a24d54fdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
21df04df0f0ddfc0f9b26683f43d7637

SHA1
577ceb9b033561cc47efdd096ceeaac92aa0eeb0

SHA256
7bc53d02bfbc1d071cbad41baedce2fa10b87e3f4f9cb28ece9dada3ab08c7ee

SHA512
ebaa34e3fcda0dfc0d674349260049cc271fc441e89696aa7041b23011d6f751b144cb0eb08cdd9ccefecb51a86ee4c479e38b02078ca31daf9923092159ca9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d40328278cd144e6b1dae1f86c8157e6

SHA1
654e625336b0b31d960874801e03da6e5950984d

SHA256
c93c368d679602f8926d0bb156668bc8634b010e30c6e7215580cb55fa393293

SHA512
8feb693c43a193b701212bb133de9d26ae407d7dcede09e1f3c46b96060a98bbb09e3f866af7a4509993b3a7d9686d9685f81973a44fdf31cc19fde97a053f1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ea77f8e64a644f4ef8d74c1bdc6b8651

SHA1
00e3b934e6ce4777b29484c67ffbff0d7b5e7fab

SHA256
5091ba1638c06473e03285fc33b27bb7a4175b6d49590812ec159576e66c10ca

SHA512
74279495a6ef235b14c8fe796f674df78bf8b1c49c1f8e91351387546a5feb17aa9b8f2824dcdb3dadc076e1df9c82cb6c19ad455b70cff87b84c18f0c30dad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7273a8a2ea8a3585234c5f83bb53ef74

SHA1
bf900682a85207ac7bb72e6cfe2785aee9bbb1e8

SHA256
545314990b5a42ffacebc77dbb3260adbe3ab0b9a6fd482eb4cf1b06e0613266

SHA512
ef152507060ab308f08a38de3e5a68909e6080751c9431302e74766f666c5141e55bfe9e6732d33e706ad58802bf18b255a88c0fa97a3efb7b01e447e075b112

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
328dcd5a8144fcca9be2ec0177c91f96

SHA1
6dd7a8ea9907bbbb521870489fd759e26fc286e9

SHA256
98bedf00ddca0c62d8948eef369a87e279388ff437c23a1367b95d562cb5b2bd

SHA512
f79bf7b7779c7a544e2caef1b63525bfb9a590be38be693ce7564e86103839811481bf1d6122991b7a9b3368d731cd0d4a1e3be699189757fdccf984b1e51248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
f07a7f1e4c6df7985ce8918747acd66f

SHA1
72d303875e0a80bf502544c3d9b4f381d68cdbb5

SHA256
e48c6342f84b3e58fd046cb0669444fea2e6f1fd06b42be90c7dd35dd459e9ae

SHA512
b328f2e04510f15cc4a84020673b08a47476d0e84911681b61c8bd661cb4e80e5477a451e685263a7f86e18600f7632e88abde4f600199a36da4528add66ea7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583592.TMP

Filesize
203B

MD5
b8e0d280f88ae66a4bd7811e800ae47d

SHA1
936efb394fef596676e2f93dabb61cfd2499640b

SHA256
f04688d49a6470fe9e77911891faab75eb3c27f1a2d6f01ce72dc12f93937fdc

SHA512
9d4e94aee58c1b8bbc12ba31b09be5e0202a8c1f5f49de283f1a221613951f033475bdf49eae8ba2a37699443c73a9ce026d9c751dce14af4c9cac6a63f1c54c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0fd7e52d62618007ea37c53ecc3b88aa

SHA1
27b9b7cb9c70f92ca8d253ff452cf09e21c7027b

SHA256
62107ca6f2398999e37889b8f5fd4189289dcd0e13afbc3ac46b4a60d4fd5394

SHA512
3e85aaea17d6290b2ccb3acc454749c00d02069a5b69d22fbf01d2d7b5397fbee45b522c3b048fa58f289857379c27a39beeaed29949cd622d91a2ca56879961

Download Submit