e0899c70368347a6dd90ffc33f064460c226db7146e544155a8007cf58782618

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 23:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b137c920c6766598f792797af0b0e663_JaffaCakes118.html
Size

43KB
MD5

b137c920c6766598f792797af0b0e663
SHA1

fb84e01f9f02b9e42ee6cd61ed7e1894ae9a3d7a
SHA256

e0899c70368347a6dd90ffc33f064460c226db7146e544155a8007cf58782618
SHA512

e1c283c30c7c3285dc1dea025e9823645522b8e3574d142fba7425ffed77fe547e59fe9121c03bebd8fee3b6bf9bd1a92bfe1004fe17f5b6aebdaf6d7f72cb1d
SSDEEP

768:6dGKuouADqQ5mU3z2tMVXfvG8NgNol7pRbXfvG4QdnuOTNOhTyK17PCRM:6dG/o3Bmgz2C0NolNRTnAPch7PiM

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
5100	msedge.exe
5100	msedge.exe
2476	identity_helper.exe
2476	identity_helper.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5100 wrote to memory of 860	5100	msedge.exe	84
PID 5100 wrote to memory of 860	5100	msedge.exe	84
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	85
PID 5100 wrote to memory of 4956	5100	msedge.exe	86
PID 5100 wrote to memory of 4956	5100	msedge.exe	86
PID 5100 wrote to memory of 4408	5100	msedge.exe	87
PID 5100 wrote to memory of 4408	5100	msedge.exe	87
PID 5100 wrote to memory of 4408	5100	msedge.exe	87
PID 5100 wrote to memory of 4408	5100	msedge.exe	87
PID 5100 wrote to memory of 4408	5100	msedge.exe	87
PID 5100 wrote to memory of 4408	5100	msedge.exe	87
PID 5100 wrote to memory of 4408	5100	msedge.exe	87
PID 5100 wrote to memory of 4408	5100	msedge.exe	87
PID 5100 wrote to memory of 4408	5100	msedge.exe	87
PID 5100 wrote to memory of 4408	5100	msedge.exe	87
PID 5100 wrote to memory of 4408	5100	msedge.exe	87
PID 5100 wrote to memory of 4408	5100	msedge.exe	87
PID 5100 wrote to memory of 4408	5100	msedge.exe	87
PID 5100 wrote to memory of 4408	5100	msedge.exe	87
PID 5100 wrote to memory of 4408	5100	msedge.exe	87
PID 5100 wrote to memory of 4408	5100	msedge.exe	87
PID 5100 wrote to memory of 4408	5100	msedge.exe	87
PID 5100 wrote to memory of 4408	5100	msedge.exe	87
PID 5100 wrote to memory of 4408	5100	msedge.exe	87
PID 5100 wrote to memory of 4408	5100	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b137c920c6766598f792797af0b0e663_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb062446f8,0x7ffb06244708,0x7ffb06244718
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4444063355253880675,9754177073406038399,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,4444063355253880675,9754177073406038399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,4444063355253880675,9754177073406038399,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4444063355253880675,9754177073406038399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4444063355253880675,9754177073406038399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4444063355253880675,9754177073406038399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4444063355253880675,9754177073406038399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4444063355253880675,9754177073406038399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4444063355253880675,9754177073406038399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4444063355253880675,9754177073406038399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4444063355253880675,9754177073406038399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4444063355253880675,9754177073406038399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4444063355253880675,9754177073406038399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4444063355253880675,9754177073406038399,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5388 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
67KB

MD5
b4b711f3e747704ffe02b49791ce8cac

SHA1
ac7ce4cbd3c8ee66e3c8d9d209c1352c160c3b89

SHA256
f65bf40e2f0ce993b54772f703f72d53f0fa925457346fa8ec2031879ffa91d1

SHA512
b738deba57337a9147927f7dd35eab7c999dea6d2ff11f57fdc2e5b6f64326028a54778886548ba128a3f03ee333cc9e43de5162d8b578b85c290626577042db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
e26587179edecc50bd7ce7c01a8ab316

SHA1
ee5e47c79ae44a171d359c063a73c36214bf9c1f

SHA256
fd145b0af89c48648ec72e4ddaa643678d088ef338989838416ee31e2acc894f

SHA512
2a735ce1b89cebdd0c78350c90d0e6ff5a60d4feb8ce4514625bde20007afa2cba70bb1f9d1ed171b6ae44c44ad33d54ca1c116e146c8373831ab55cf3543796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
d4a0f1640f943c49b1158775ea165a15

SHA1
3f25b4a683a256f9458ec17af565f66810df3632

SHA256
0455af6ffd1a6f4e5d23d84bc17b7ba1bcf6db72bf5dbf0ecc53cf4f66a54754

SHA512
28ee7334b6900223ba897040f8c1feb02771bf9dceab4a48e1eb5e9c8ea0ae1a23baa61113758be7a9dba3a563e64d64a707d18f49dc845c5e5bdbbced587de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
707022a82544d39bddc58ec4bc245931

SHA1
2c55c3352705e1e6e52fbdd21c08d19ecf906568

SHA256
26095d5cca38a7c01fc4a8d49adeeca6ba18adebe31e47c45d2ed806981d78e5

SHA512
ca8e3070b85bd5bb11353fbedeee14e766947d154807f194ce1b1cf935262a52d6b0d3b24a80917008e287ee7ae1b27ca842ac9e10385082e0bdde0c5f7cb5a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
532c49c8f482f021278a9a4b15b0ebf6

SHA1
531b6a5110060b05e32e9b331c70b566d59d3911

SHA256
b8c8cbb47f54564c1857439f9bf3d7f5f6de62c51187df81bb0b8f6e774909dd

SHA512
881300dba90978199373f54fe2ae7d9c4c3674c0ac3f0e19b1949dbbd01c2598f6c7c4d1b7f1fcce1ba33ba771efd9c9f4b2a080865307b56d5750929d7259d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ab8b7d7a8d1fdd23e8b6f3963ab519c

SHA1
a692e6a2a14ad8ff0c7abb65834b1089aec20d72

SHA256
750ccf68bee1a011c6f7f8690e48059047a12af9b05c1e3b0ef4358c947e6e84

SHA512
05a0ed3ff805917c07c8f6d70ae8cc9e7b80d6935956ee401ffb5f655193ecd253920ab1e94bb23dd885ce33585dfaa44600b23dd8103e7a57d1c472deebe151

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17b85b48ee7d1d5b6d68c0883cfa062f

SHA1
018ccdeb535526aa2f6dcba126372f7324910e0a

SHA256
9c516f159ba2feff2275c32a18d70952002a8166add9ef386c37c67a3c0065b5

SHA512
018c74e6d6a404ac082923b05437e729589a5a570d0e85be9c79a30bababc67c15bd463265f46f49a45f9eaf8c0364c461eeca3382e889b5a9dbe728ed5fc930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aeea3c70dcd9a9c1ec439d16698217b2

SHA1
753eb7ee1043831ba4801fde0b015ad9095a94ed

SHA256
bb46a375f958c7529180127ae9f4a1f5d1d05b79b986b2fc8e06a0f32286c6ca

SHA512
5d18fc53fc55dfd99f8e827f5a5d8b6bc44a27d1438684a5c7f1471ffe01cd7c3b737e0b465dbf062216894c2c1cb27286df0566635a719f9f30c9e0869c7340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
37eff38fbddb987e7028c2e96e20ee95

SHA1
e1bce5e9c1c39c1a9d7a3b40b51de69b78a63388

SHA256
55fde2bf81679995990f82ee29f9002f39d507c3a3d71864b09b45fd29866462

SHA512
10668b75e8ed4ea0b4bfeb058606180813c62bf29a88774f83f8232f998fb37670941d696f94228099e4c706a1fc57b72b0f0e57e044bb45131d74b35dfbe90a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe64278e.TMP

Filesize
538B

MD5
7f520d4bae015926bdec23c908ce6cd4

SHA1
38c066dd8582588cb4c5c04cc94c08c27f259389

SHA256
3885fcafe6f815e32fb092c3b4d474f7d0b254fcc1bb67edde74b1816036c455

SHA512
d53236ce18294d0caef4fbb8be7a478f49309cc19125fc44f78d60bca7caf459c82abf5ef1e6d6b7de0df9cdc8fa53e22b9c65a5e6495d0e31011a5f1cadfe6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9035a657a133779f17a2594edd0e2af8

SHA1
1902fc3899122af8820ef36e03ef08a45f254f74

SHA256
8921dc9728ff556a8c0569daf2e6f37ddf9d58773e388d1e8e8d32c721d69a70

SHA512
9dfb199af7f15309fc06c8c3a7581f78dec13edd1da75b71ac9c96d90792e809fa7bc648c86950f42e280dac581522ee285f7e1aaa71cbb5f95331001f1e6bde

Download Submit