c33b5adc770d7e7aeb6709d6decc79a0be334eeb6fe64d55ab5772deba0bb062

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 15:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cfe8c3a51b793e586a9237fe6cf4f1b6_JaffaCakes118.html
Size

300KB
MD5

cfe8c3a51b793e586a9237fe6cf4f1b6
SHA1

1b0c7f105d220b3304c3f85385491afd68baddce
SHA256

c33b5adc770d7e7aeb6709d6decc79a0be334eeb6fe64d55ab5772deba0bb062
SHA512

aafb2bf97365898f7a238ef415147b80484ff2cef059230f491d5c7d88e6295a626a09999e294c522040d3250d58b0c325dc83124ce72c7a726dd9e1b6a5c9c6
SSDEEP

1536:91+SbTTFZSjTPNNkltM/jVII3IbIre02X9mD6o6Oo1Hxon0O+JLnvIW+cHUo3Y9W:v+SbTTFiNItCVI2z9cQIiTCh

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4496	msedge.exe
4496	msedge.exe
2132	msedge.exe
2132	msedge.exe
4920	identity_helper.exe
4920	identity_helper.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 1040	2132	msedge.exe	83
PID 2132 wrote to memory of 1040	2132	msedge.exe	83
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4588	2132	msedge.exe	84
PID 2132 wrote to memory of 4496	2132	msedge.exe	85
PID 2132 wrote to memory of 4496	2132	msedge.exe	85
PID 2132 wrote to memory of 1588	2132	msedge.exe	86
PID 2132 wrote to memory of 1588	2132	msedge.exe	86
PID 2132 wrote to memory of 1588	2132	msedge.exe	86
PID 2132 wrote to memory of 1588	2132	msedge.exe	86
PID 2132 wrote to memory of 1588	2132	msedge.exe	86
PID 2132 wrote to memory of 1588	2132	msedge.exe	86
PID 2132 wrote to memory of 1588	2132	msedge.exe	86
PID 2132 wrote to memory of 1588	2132	msedge.exe	86
PID 2132 wrote to memory of 1588	2132	msedge.exe	86
PID 2132 wrote to memory of 1588	2132	msedge.exe	86
PID 2132 wrote to memory of 1588	2132	msedge.exe	86
PID 2132 wrote to memory of 1588	2132	msedge.exe	86
PID 2132 wrote to memory of 1588	2132	msedge.exe	86
PID 2132 wrote to memory of 1588	2132	msedge.exe	86
PID 2132 wrote to memory of 1588	2132	msedge.exe	86
PID 2132 wrote to memory of 1588	2132	msedge.exe	86
PID 2132 wrote to memory of 1588	2132	msedge.exe	86
PID 2132 wrote to memory of 1588	2132	msedge.exe	86
PID 2132 wrote to memory of 1588	2132	msedge.exe	86
PID 2132 wrote to memory of 1588	2132	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\cfe8c3a51b793e586a9237fe6cf4f1b6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdeeba46f8,0x7ffdeeba4708,0x7ffdeeba4718
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,379853110860552947,14832750304828870909,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,379853110860552947,14832750304828870909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,379853110860552947,14832750304828870909,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,379853110860552947,14832750304828870909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,379853110860552947,14832750304828870909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,379853110860552947,14832750304828870909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,379853110860552947,14832750304828870909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,379853110860552947,14832750304828870909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,379853110860552947,14832750304828870909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,379853110860552947,14832750304828870909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,379853110860552947,14832750304828870909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,379853110860552947,14832750304828870909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,379853110860552947,14832750304828870909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,379853110860552947,14832750304828870909,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2524 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\229c01e6-cb7a-4af9-8f5e-7db88f06d9ac.tmp

Filesize
1KB

MD5
e3cbae7860ce22618f091c180fea3e5a

SHA1
5ac0f2cec9623d1ba2a54664fefce30a1959629a

SHA256
668a03dd3f6e423f96f99b581f1d1a96e0aaef3e8aaf7324b847ba39d9e325f4

SHA512
576779ee821c31fb5eeae9427aa9471e55a546e627fdfb8b2505efa5edb0417293289cef04d1ceeb6bc7977a2465e3c247fc4f8460da36b3595c2f0b0a5c4f14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
23KB

MD5
a0423f1305547bb6b8f5a4fb1a9fc2d8

SHA1
092dcf1fe57e6bb53821eb754e04188ee70602d5

SHA256
6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8

SHA512
b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
12576a4d5af5aee1c859b6a57a21c1e4

SHA1
31c69fd03849bd3f0501ccb17b100e1afba7d376

SHA256
1d92de49a739a3058d645ab0ffe990ce30a4652cc7b2a9f5005233b35754bce7

SHA512
0c272ba2bc353ac847ad496b94dc43ed1d268debbfb6d65134d64ab1aeca669f801a257df94aa0fd81ab36128ea86ecfe0d690e31550cbd8b6b01a8d937f3d2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
4f36f0d678941c406e6c107c3e44f9bc

SHA1
77891eaa3fac94c99e9624a8ec282cb13eef153f

SHA256
bf43adbd1e328c026efde64ef80af8dae02ee791bd5e771877516d508b7186a4

SHA512
79e0517b02abeff3e8c1a017a31dc23b08350b9b1ab8f8ff0e9579052919c0939cd1d054fd97dcfb2950fa09e93d4f8310e60fd1c8171bcb18615de36ad7bf74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f71d9dd0607570e34ab7ea10ec0dcc7e

SHA1
3b408e537a6bab1ac00db942fdd26b2c1b2909b8

SHA256
3daf4b13e15133fdeffe645d7d55597a7d6703ec0e61b12fb0b57abe2c5ca2d9

SHA512
a91ffc3946bee8bc91cce2efe7c5f9a94682e097129ac34211aace2dc5c0aa61b7c5ffd916da95c212f7c44033c4f62b06b595c8735a89d3500b0c66366666c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
290f9d226c8da9a6248f83bb2de87296

SHA1
7d3b73b773f383b6e9eb0b36a379ff7e9217f7b3

SHA256
4d8fc6ae580d49e655d8717265c1ac07358174ac3f0ea7d3dd536d9689a6038e

SHA512
6a27fc21f61c7b1418a916f8856a8c68fea543c177a609e2f89138dd5c62ce75263d61f017392ce7ecc905257c422e1d5e87e43e616bb837779c26e90180f8c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d6954931e67082418a65822f1da51aa1

SHA1
6a1d3ee6da79527e4672520f6a71543279831eef

SHA256
e1afd7eff0611c44d9aad564e50fcc7d2269c14e1a90e2d1771005a86814f1a6

SHA512
6164b7e3807bcedb888431893a2603b9cd4c839f3af146199f1ceba8a1d275087827155ed7c21eec91efbfafe24f440e0f7d20085b1078430277df4b0a02df5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5ad8046d972e8b4dcaa1eba3acfb04ce

SHA1
5fe041e54f3d807a6e15a872945af320095cf6dc

SHA256
31dea077fc575ff5ab784d3f55c94b783c8e172bbe66034121fe86f70df2f3b4

SHA512
eac7dd343560319ff73580fea1976f49fb40c34d92da0e9bc926d31c7434bf4098f1e65af85d0a4b2450c58a2784cd7c9bc6be2f8465ec315287d272444846b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
698B

MD5
3c3c382967ef12212b57be5855b0121b

SHA1
0a4fcc6f2ea398b996498c2c27ed125abca2cebc

SHA256
6a8715ed134a7cb3467d4e540aadb7fbd0f3f32ffeb6f2f344c47778b5bb0ae1

SHA512
2056cba2b2854a6b287e40254b82c9bb5f5b11eccdb9b2671b1098ffc95eb339e08460d4ce6c764e0ae1490eefa5cced5942540f5d48b8219d8b55ba64a796e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5817f8.TMP

Filesize
203B

MD5
a97d5ff9dfd13d820023166333843ee8

SHA1
f39271a74d91456ad60d2268ee539bcd41bab2a0

SHA256
e6748140caa0dab9805dc1fc6c0de20929ab95c592ba15c8348e971c7568d3cf

SHA512
2b6c8dc2e6fa00af8782abe1c8f9d0d65c57ed707af746bc5b749b8f9dcf55561027ec7124d3b9afa2ba8bc5ba287ee93624c73e2872b759e3c6c153a074a62f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f3bb559594404d2c1eeb98f2212f7ce8

SHA1
ce288e9422d0fc79fee624fb2a754385e47b329a

SHA256
5702a752817b9bcce46e70b9e77cba15a11ce20d61c17684c725fbaab3a9147e

SHA512
2232551ba77b6fda1d4fa6c0804aaa7e39bb8f048bbdab80bb65e8be98bebf2b3940cecf99ae837f742c0a26ddaad0d2b44105bb6c4b91c1a8629f43b732315a

Download Submit