6dec703120a1fd6ef397077c7b063f0316b82cf1b59ae198fe560ea986d11c29

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf8182473fc36c52c47fbf8c38f30ea4_JaffaCakes118.html
Size

88KB
MD5

bf8182473fc36c52c47fbf8c38f30ea4
SHA1

76bba72f7681c281c3e355c2f0dba977f8d307e3
SHA256

6dec703120a1fd6ef397077c7b063f0316b82cf1b59ae198fe560ea986d11c29
SHA512

11c1827c6918c4f666d2c74e5b1733b2493fe443ce14cacfc02978150aceac2db37e4c81bed6770b7d8a58ba30e4da3b789f642a5b527b7e45c77f134f958bea
SSDEEP

1536:26rkclJkIoEdOQOCi+62KgOBOFOS38OqTOYKF6hLBtU:26rkclNWfCi+62KPAkS37XYKF6hLBtU

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4084	msedge.exe
4084	msedge.exe
452	msedge.exe
452	msedge.exe
376	identity_helper.exe
376	identity_helper.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 4784	452	msedge.exe	84
PID 452 wrote to memory of 4784	452	msedge.exe	84
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 2904	452	msedge.exe	85
PID 452 wrote to memory of 4084	452	msedge.exe	86
PID 452 wrote to memory of 4084	452	msedge.exe	86
PID 452 wrote to memory of 4672	452	msedge.exe	87
PID 452 wrote to memory of 4672	452	msedge.exe	87
PID 452 wrote to memory of 4672	452	msedge.exe	87
PID 452 wrote to memory of 4672	452	msedge.exe	87
PID 452 wrote to memory of 4672	452	msedge.exe	87
PID 452 wrote to memory of 4672	452	msedge.exe	87
PID 452 wrote to memory of 4672	452	msedge.exe	87
PID 452 wrote to memory of 4672	452	msedge.exe	87
PID 452 wrote to memory of 4672	452	msedge.exe	87
PID 452 wrote to memory of 4672	452	msedge.exe	87
PID 452 wrote to memory of 4672	452	msedge.exe	87
PID 452 wrote to memory of 4672	452	msedge.exe	87
PID 452 wrote to memory of 4672	452	msedge.exe	87
PID 452 wrote to memory of 4672	452	msedge.exe	87
PID 452 wrote to memory of 4672	452	msedge.exe	87
PID 452 wrote to memory of 4672	452	msedge.exe	87
PID 452 wrote to memory of 4672	452	msedge.exe	87
PID 452 wrote to memory of 4672	452	msedge.exe	87
PID 452 wrote to memory of 4672	452	msedge.exe	87
PID 452 wrote to memory of 4672	452	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bf8182473fc36c52c47fbf8c38f30ea4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab4c846f8,0x7ffab4c84708,0x7ffab4c84718
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,7625563643877962704,14562836307843925452,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1788,7625563643877962704,14562836307843925452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1788,7625563643877962704,14562836307843925452,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7625563643877962704,14562836307843925452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7625563643877962704,14562836307843925452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7625563643877962704,14562836307843925452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7625563643877962704,14562836307843925452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7625563643877962704,14562836307843925452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7625563643877962704,14562836307843925452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1788,7625563643877962704,14562836307843925452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6152 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1788,7625563643877962704,14562836307843925452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7625563643877962704,14562836307843925452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7625563643877962704,14562836307843925452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7625563643877962704,14562836307843925452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7625563643877962704,14562836307843925452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,7625563643877962704,14562836307843925452,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4326c3fd-4e90-46cd-878f-ccab678ffd03.tmp

Filesize
10KB

MD5
fdc42dcf624eae03f200c30a7f89c9c5

SHA1
471f4312fe2816276b7577b4f0ad8bef1132715e

SHA256
3d75e4d396a36818fff0fd632688902a35c2975dd029c7cf9d10d5fd1312ed56

SHA512
1c5e597a83411a299effb7b9afb6d408e671f3cee5b587b674113eb29aa887dd74cbed6adcc94751e55ea50a821f64eaedd47dde822ae24088906c5f62cfa7c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
30deed77d23e08eb23b8e0cfcd1ff638

SHA1
798532c76262b72a01948198f993736fa176277f

SHA256
2b1b7417c22fb26c44930027b043e0724711742d1582cb6b643e1b5403cfa12d

SHA512
808297e73db085c0032dc067e56601ddd05f6ea75eca98ce8521eb317eff19d6a204d1685e9bb3d819099b9c05eabbee75e617bde38d2001dac410a2ec914d44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
dbefc3328190325cccff5a03125d4868

SHA1
c11ddb1d9cab2d42a955e7aee37e496d0f605f0b

SHA256
9d109f52dd9c3367e868ea2266c9054e0ee58b9a484223e35ca3b6b36655cfda

SHA512
f847e419afcbfa326407b2cd8bb203837ce1d1023211c5b67c54aa9793a51dec3d76d8d5a77bd88cef39f2d5bfd886b1a333ae5d66fc0ef51dfd7cd1139f346a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e5ead4154ae9ca84719f74fe163a4830

SHA1
436d6e59c64eff2093aeafbe898b8329f2087fd8

SHA256
a1bf8e28d9a0eaca89304e5b7541113734c2a6b24162bd34d3bbf851905113df

SHA512
002ca2a2d5dffdacc854d20cf12a4fd47058f1ea222eda475e74337c54e85a3775363f44cedba9b27280e832371a9384624484a6270b66ec8f72aa8b2ce603cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
edbc23ddee636c02081cf2bf51823c5d

SHA1
20c89c0054d7220924e8626116176c557a9003b7

SHA256
799abfb5b6170dca03bc8f57d9a18db8c669428164effb4c028e8233e5460445

SHA512
00000742067957b363ce6cd5cd0ca7797fbb8d6552676c8e201fe773d284a0483f16783b1a2f937eab03ab31c12a6b6450b9f5adf0b1ba9979029bd6b3930997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ac6768e25e47733a9a7e9ba5f985c1ce

SHA1
a7f271c963a067abe384010592155f259750bc4e

SHA256
c4ee6d710dc0f293477fdca0f50e6df0f4e029e15e8a4650a694ed9c09fea39a

SHA512
e29e059718bbadd4df2e17514ec0bbf58dfcc5dde81cb5347567fe564dc5a307eece36736d186ce1f6137b2da83533ba4c53925702f6d90743cbb68e700a565e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3899fc4f2d2e51e8c5a6a22ceee2b667

SHA1
dae4c0ba8f5b4559d484a35f16a9fc8e265ad724

SHA256
d6f989a5eacca51ac441d7ab06a0ba6dc5ee700494331a6d408c0010107c1c65

SHA512
3c30687527c20683c9fee54991afb267136f627376a5a37d6cc05aa09edbbf3aeca65e97e589cdd9963f523d41011c81deb51fab70dfb6bb24a4164fd6f44570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3cb6140baea5b255e142663f468fb353

SHA1
23193803213b9785dfed364a2b0c6877b0906434

SHA256
f5a9f460c02206c1dd0cf7ef0d8a14a699f4c76f66903131292ed4fc6adda31a

SHA512
9d032e5ec6d403af3d87be2c7faeeea3d7701a8bbaa1c78d6ea642e33555efc5fff02d743c7b0b0dd22ee0e825af77c9471230cdb2752baa8593649ccbb70e2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
643c362f19c1d3e7ec462e60f3dcd86a

SHA1
7fdd200e51e12af16b9f389943aae9d09cb3b9e6

SHA256
5c6d6c931b7dd4c9b51bfd3e4c422e9db98a1e2f77d819ac912d77f9cf19dc67

SHA512
ae907b9aedf4ba63b18bfabf376c3d76278caf81922eacf49cd846a96df0458845c73b37f3cf880d1520c9a0258618e1b0ed1063364f1c97debd06e59006404c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
4eb4101890a473d55368799da966ed14

SHA1
b418ef0f18eb5f1b6e83cf0da30ecbf734b58e3c

SHA256
f61b8065809697b9bd9b42e9322ca6155827706091f48ab64e34f968d7f8c4c2

SHA512
275c0722d01c0b7deea4d065b97522a3c863c3e1f584b9e6bd59f5d1577764d6aeff6247e7f6fe79c689f706c3b8e250035ac7a169294c9815b9ef9253adcddf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cd04.TMP

Filesize
370B

MD5
0854458219c98a51759bd29182766120

SHA1
3b39626174130c0720732293ef82bcf23c7b014d

SHA256
f3f0f3ff52b53ff00667c82e3f4ece3c4f0a02f055cf56236516a8b2b711bcd5

SHA512
d4cb479709f248ad4a48023e57c48b4e6660b905bcc291bad76417f96c02a7588e9d7a85c1023b1b8b0f5cfab6d0995bd95572e2ea7c567129c5a28186e18e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit