a7bce9dbb81a84c24f96c3e03709432efc5ae0a08f45a7de31ab6018b2e0af4e

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2024, 14:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b3be1a4ced80d1e2b0c40701b9953b95_JaffaCakes118.html
Size

300KB
MD5

b3be1a4ced80d1e2b0c40701b9953b95
SHA1

10489d5d3a8e8834f0e214fead73bd523d3b1839
SHA256

a7bce9dbb81a84c24f96c3e03709432efc5ae0a08f45a7de31ab6018b2e0af4e
SHA512

7af6042376b7bb76fc12e67ff8a993965271ceac29b367d935fd31780c827c29481f459b868e1403c7f615084fb36ecce1cf3ca7631f2fd17bec5b1ef0ff2644
SSDEEP

1536:z1+SbTTFZSjTliNkltM/jVII3IbIre0gLgmU6oXkWjJLnv2MschQk309dE6IyJIQ:R+SbTTF0iItCVI2BjfQLiTCh

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2852	msedge.exe
2852	msedge.exe
3516	msedge.exe
3516	msedge.exe
5048	identity_helper.exe
5048	identity_helper.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3516 wrote to memory of 4980	3516	msedge.exe	86
PID 3516 wrote to memory of 4980	3516	msedge.exe	86
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2596	3516	msedge.exe	87
PID 3516 wrote to memory of 2852	3516	msedge.exe	88
PID 3516 wrote to memory of 2852	3516	msedge.exe	88
PID 3516 wrote to memory of 1456	3516	msedge.exe	89
PID 3516 wrote to memory of 1456	3516	msedge.exe	89
PID 3516 wrote to memory of 1456	3516	msedge.exe	89
PID 3516 wrote to memory of 1456	3516	msedge.exe	89
PID 3516 wrote to memory of 1456	3516	msedge.exe	89
PID 3516 wrote to memory of 1456	3516	msedge.exe	89
PID 3516 wrote to memory of 1456	3516	msedge.exe	89
PID 3516 wrote to memory of 1456	3516	msedge.exe	89
PID 3516 wrote to memory of 1456	3516	msedge.exe	89
PID 3516 wrote to memory of 1456	3516	msedge.exe	89
PID 3516 wrote to memory of 1456	3516	msedge.exe	89
PID 3516 wrote to memory of 1456	3516	msedge.exe	89
PID 3516 wrote to memory of 1456	3516	msedge.exe	89
PID 3516 wrote to memory of 1456	3516	msedge.exe	89
PID 3516 wrote to memory of 1456	3516	msedge.exe	89
PID 3516 wrote to memory of 1456	3516	msedge.exe	89
PID 3516 wrote to memory of 1456	3516	msedge.exe	89
PID 3516 wrote to memory of 1456	3516	msedge.exe	89
PID 3516 wrote to memory of 1456	3516	msedge.exe	89
PID 3516 wrote to memory of 1456	3516	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b3be1a4ced80d1e2b0c40701b9953b95_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8a1f46f8,0x7ffa8a1f4708,0x7ffa8a1f4718
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,10822311854798514451,13254714467199035035,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2248,10822311854798514451,13254714467199035035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2248,10822311854798514451,13254714467199035035,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,10822311854798514451,13254714467199035035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,10822311854798514451,13254714467199035035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,10822311854798514451,13254714467199035035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,10822311854798514451,13254714467199035035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,10822311854798514451,13254714467199035035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,10822311854798514451,13254714467199035035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,10822311854798514451,13254714467199035035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,10822311854798514451,13254714467199035035,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,10822311854798514451,13254714467199035035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,10822311854798514451,13254714467199035035,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,10822311854798514451,13254714467199035035,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
67KB

MD5
b4b711f3e747704ffe02b49791ce8cac

SHA1
ac7ce4cbd3c8ee66e3c8d9d209c1352c160c3b89

SHA256
f65bf40e2f0ce993b54772f703f72d53f0fa925457346fa8ec2031879ffa91d1

SHA512
b738deba57337a9147927f7dd35eab7c999dea6d2ff11f57fdc2e5b6f64326028a54778886548ba128a3f03ee333cc9e43de5162d8b578b85c290626577042db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
299582bc0eb14e17f28c3e6fe2cb9db6

SHA1
dfa205c461c02fd6b351949a8df83c2c357c2ecb

SHA256
4191a529907d46f3827e881fb7ddf3d0a1246dc93e5bed507383eca92432bb24

SHA512
40aaaa9132d9f82136466c532d438edbca9227e61cca36739bc0986b4d8599494726c061d54c5da53dfd1bf2fdcb4b64db6744fd5959d10f0e09c734c57a2ac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
036af98c2cef05373da9c7804ba240ab

SHA1
31f6e0ba2abf3333f7ac445e24ded14f2a5a72a5

SHA256
d001fd83c74bb7ddf9a6fc850a0d6d451886744808380b4f67a4862395daa3c9

SHA512
a0a77f9213bc8eabce1edbde44fc2e6bb645ca7793b882919e2d9f67a759ae2ff3d9903f06ee10bb088d38794e3164735186440d8d7a4d0743d0d90fcfcee1a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
38f2b8c24fb32372a253720e6c5b3443

SHA1
4c0f774709a7ee462d17c7118d121a7b4dbefa00

SHA256
17edca68dc783a8774c187ade5175f99d93b42b7acd1518dc63920d1c0ac8875

SHA512
e50b39b5a8d7340d072615be5fd5692310951b1594171d599e095c1528bb000a9bad523baa29cc8203b821bc8fa64e972bdfb2852df50c74d9f912fbc9086775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e8677c2d2d2afe53dabcefc2930a8d01

SHA1
8a3ba08ccc2a89e2dbdb28ec941aea88ddebdd69

SHA256
6959f1a6273464c42362e34d112cc7bdb054e7d82a2e40d32cca07bf2c169969

SHA512
46a5a38a4d1032ec37c2b210b855b8cb799ba3a11232a3ca0d499d99af2ee92cff92e1a6065c33209e3b14be68f233da868909e86f8ad311c0b40c02c7bade6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5454f58deb2ae769ee0614e300c27849

SHA1
c04eb4da131afc73807906532e69cb6836be4dc7

SHA256
d93d62b9ec4e298d2b754e888809bd2763df4eae7efb18cf78af1eb3c4a14a04

SHA512
18d2aef16f4b6e1ffbc238ff759d6cac3354353b6d889f9d30d1c95f2ec725b24a276865ec6046cce909af1b5fdb8ed3b3ea7cb97cca9b6f69568dc7ec6a759c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
45ef691ff5018fa16f5c02386af32aaa

SHA1
ceb5017f27fa635ec2b9d1d0361ebb036d842b96

SHA256
1fd45182b76bc33255da833b13b0bc0206f97e4373c4ace0465dc2fe2257eee8

SHA512
70d2d6d72c9a6e5301edbe452231c2de492efb4a8e3b8a15efb413bb2410c4f08b0d72164e5497598e92d8c3828f4ac94b4f1542a483714f815e12990ff023dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e878887a755ad030d5070a99f9180305

SHA1
4222bd12c7b53814b95e681125f1bc9c01e9965a

SHA256
631db88f07779a3a7fae2be332f22186afbaf97ef8c1d7b4e3cdfb6177ea930d

SHA512
1e40fbde1fe9a2b9c4378733bf0214b3c3cf11c85ffcc201eeb852b4e2f12ef24637680d78dba274048c160921fe9c78bca626a9e1089b298e8670ee1c45550b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
e0a1b566ed84e75becc8fa893574ce7e

SHA1
62606b3f1dad73f1fc343d6c4169e754cb1e18df

SHA256
3ed51a7439601b0e06f754b8bece0a9651571a42f1857332e096404bda7799e0

SHA512
4222d3da04ac4dbf0b9e0e0c40d59cea810dd8362ca660dc1a18ec4a1145af4b73b861d85e62687fe7dd72a35d67e77aa03bc8620bf26565da59961a8db39c0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583d91.TMP

Filesize
203B

MD5
d60919ba9f63567e138fa81da8951936

SHA1
960b5a571fc4aff16e03fce01563bc376d24f974

SHA256
63661cf80b9312f9b953793e540e753cc1e00d0f4d08f92923cc238888a1b09c

SHA512
7d165e17a74cae58ae9facc3785b0e647206ea1b7aa0a5bf7a8de663e40f61106a61e558f7b11a34242be276f6ebacb9e722c2113d5ceadfa9a1ff3a21ef81bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e577b5097aa3a9a24d484649b8987821

SHA1
2420fb8437e7293b8a9d5b76ab9209b9a107d0f9

SHA256
c854cdc5e8617d019e42a968adecd9078b6e633beddd13077c34f4f905f31dda

SHA512
4a1bc06082c83ef100334a56ba56ba296c859d6fff741131f64d151aa9cb9ac4a291010099132f7528f62313c4ce40aa6e9d9e91fe63a7f03f5168e50e663b9e

Download Submit