4450cefddf306c9b0f16a1746fa297a41fb7b419b480e4249d9828bb32cd0d0a

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 17:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d018f0883e8a93e854029f6c5a2fb2b2_JaffaCakes118.html
Size

76KB
MD5

d018f0883e8a93e854029f6c5a2fb2b2
SHA1

aee3f7c50a0a578a03487223fa5fba82faa5a2d1
SHA256

4450cefddf306c9b0f16a1746fa297a41fb7b419b480e4249d9828bb32cd0d0a
SHA512

524a339ed9ab51e72402517e41fd7f98f20d87ab77f429b36ecd09e6449a273dabd673ce6999d8ad70c3c8ef78ffe9adc9a7b63c2206a1a81a78fac2517131ec
SSDEEP

1536:FlWXjIaBEwwaaFFPPwwmmmmmmmlH+j4V6OVLADjSGQWTOyppfY9w51qLMNuXvVKy:yX4j4V3LWj0a3NuNorUX+2GyLDy/oBXz

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2396	msedge.exe
2396	msedge.exe
2076	msedge.exe
2076	msedge.exe
1576	identity_helper.exe
1576	identity_helper.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 3612	2076	msedge.exe	83
PID 2076 wrote to memory of 3612	2076	msedge.exe	83
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 1020	2076	msedge.exe	84
PID 2076 wrote to memory of 2396	2076	msedge.exe	85
PID 2076 wrote to memory of 2396	2076	msedge.exe	85
PID 2076 wrote to memory of 4700	2076	msedge.exe	86
PID 2076 wrote to memory of 4700	2076	msedge.exe	86
PID 2076 wrote to memory of 4700	2076	msedge.exe	86
PID 2076 wrote to memory of 4700	2076	msedge.exe	86
PID 2076 wrote to memory of 4700	2076	msedge.exe	86
PID 2076 wrote to memory of 4700	2076	msedge.exe	86
PID 2076 wrote to memory of 4700	2076	msedge.exe	86
PID 2076 wrote to memory of 4700	2076	msedge.exe	86
PID 2076 wrote to memory of 4700	2076	msedge.exe	86
PID 2076 wrote to memory of 4700	2076	msedge.exe	86
PID 2076 wrote to memory of 4700	2076	msedge.exe	86
PID 2076 wrote to memory of 4700	2076	msedge.exe	86
PID 2076 wrote to memory of 4700	2076	msedge.exe	86
PID 2076 wrote to memory of 4700	2076	msedge.exe	86
PID 2076 wrote to memory of 4700	2076	msedge.exe	86
PID 2076 wrote to memory of 4700	2076	msedge.exe	86
PID 2076 wrote to memory of 4700	2076	msedge.exe	86
PID 2076 wrote to memory of 4700	2076	msedge.exe	86
PID 2076 wrote to memory of 4700	2076	msedge.exe	86
PID 2076 wrote to memory of 4700	2076	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d018f0883e8a93e854029f6c5a2fb2b2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa0aa46f8,0x7ffaa0aa4708,0x7ffaa0aa4718
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,8053530183950707835,13628937619314479405,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,8053530183950707835,13628937619314479405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,8053530183950707835,13628937619314479405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8053530183950707835,13628937619314479405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8053530183950707835,13628937619314479405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8053530183950707835,13628937619314479405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1784 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8053530183950707835,13628937619314479405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8053530183950707835,13628937619314479405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,8053530183950707835,13628937619314479405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,8053530183950707835,13628937619314479405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8053530183950707835,13628937619314479405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8053530183950707835,13628937619314479405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8053530183950707835,13628937619314479405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8053530183950707835,13628937619314479405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,8053530183950707835,13628937619314479405,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5340 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
148adb19c1dc9b1986160ff310734388

SHA1
48272e36fe4326e0c24944b78c8c2d3f57d0e380

SHA256
3021cf78f2f42cc879ec69e68dc60923c53cf591d3f884c387cfc29075cd46e3

SHA512
012ef56acc80cd5752eab4ad344f794812cd0e9941b31491c16238a1bf0abb90231a5450b7323c91cda9e7a2e256bc595246acacb907fd7a1e2121d22e17e9fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
83f397b9e484e88af23a55fc5969b226

SHA1
6fde503c6ed040b238f60a142d13e834390016fe

SHA256
c946e931e18b75f0d403640228968d99c8e1baae1fcfc972a1168a55e6cb7f05

SHA512
ead5bacdb863e20abc9a4fa26b17622b48e2c4db7a664dd2f74b9ce422f40d09bf442f16d789b8a898fa0b32a1901bc39a5433b0af36c48b8d14404743a734de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
adf9601e1fdf806e3189d16f80c0b94b

SHA1
d7baf571a34a8c3a34ad15bc685aba7ce4a63a62

SHA256
07cffb0bdfea826fc76fa5d2fbd5f79e9f8299001a2b9fa524f5e46e82034f02

SHA512
151e97cd7dc6264c10f6ff69f2793e6c99a2a1a566b754cf8d8ca27f6fdb5f8f8a2d924e2e1a0d92a63b0fa10aeafc2e9198b3ece92d53e078dd98a5f6e072ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
32890421fec13efcea61f06b71566400

SHA1
abf725dcc157522781ee73f21ae0b73c0b18efc2

SHA256
2780f8004ad964f6b7f20e5e3384a5c6d42a6b25b54ba28ff29f728e2423d5b7

SHA512
9036006da990d5c14fe3862d22436a906e5d0acd8c938162af75eb6e6fadf34b3420907609c5f518ea022791db0a033bc1b5ab80dffa3fc82a0fa219cc4bb7f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
be691a6dc3a70c5b6a6634f1f4024dcc

SHA1
a6a8caf901e592472a1238d1360dca188c3d7520

SHA256
e6eb88de30bcfd16c8bde3d2b9665bd6bdbcc44515bb0b665bdfadfd95a71c00

SHA512
7b92104a695b83b671404bef2bcb53f0bf2ae5e60908567bc9bbe30e740ebf6720bb205cc0c1ec1cb71116fb59f52c609f3aa0b0fa861965adcdc770020e9402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cd8a27c87cdd79db24bee3b4107a9ade

SHA1
882730fc1ccf5d73f708573ba2eec1fe02e50a86

SHA256
5550f7679aab0936fb8133b6e15c7fee662d84191e7d7ffd436fab25dce11e0e

SHA512
61216b5f4a142060b6fdf29fd524267009a33324c4a6d79fb2f631a961b9f2d8a09a97aac9d2e4f94716593f4c53fcc5ebad9d452d7d12d10bc16ed47c28d957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce85fdb2a9cf62a465cd2dfb867279c0

SHA1
39622b29a44b6db7f397451267f97438b59553e8

SHA256
25ba34031374233b9a4294a14a9f7d3ee449485dbc624e84c1c9af0ebfbc70c7

SHA512
3dfef223ee8c1907eefbff4d19bcd77d8bbbb5ec2f2f9f2885fa8fa9b493599390d16c966b3e164f98f6f83936be8cc1c17dce93d74dc5e30a3bbf22c337a778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
ec02bed63a7be089fb1d445e72eaac17

SHA1
595e65474b3484a55b6bbe3c1ab6fba9467cfcdb

SHA256
82d1ab987193782a84de9ed64fb9f2dcff4a29c2e967ed774c6b177920a5c9a9

SHA512
c55ba35c252c193daf37efbf4d434ac255e504986975289157a031cafa8921a9d3f99a5ad9da3bf6674c6d5e24907bdcf9f6cf92a677726d31dd2e6481d4eece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe591563.TMP

Filesize
204B

MD5
b5617c3ae745d3f6643d0a6b910ee1c2

SHA1
ca917b153d4cab40d81148e05268db22f28a082a

SHA256
a2a64d7d550af7f349195ccdc17dd975706eecc601c479d4b35dbad0fa74b18b

SHA512
4f8a73f7d2a307663dc587dddb674d00673954a95cbd39490f198a908059fc51b33cef3dfee1645168394091ce7a121cbe7fbbd0dcd1e2ec6ee582e786bf7b5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
444cdfa38aecec3c99236ed228a15219

SHA1
05d67d27ff4612f25a6fe96e16ccf216957a8a51

SHA256
9c8c964593af97faff8a73e5e0cc78053df86c1f186645c34917b34cf6f6d38e

SHA512
09d39ec8f5378782410a9023993e6d59046670e7ebf9806f66947a4ba2366563b71d8839fcfc83d1d7e663abfae7b7fb1e9e44b0d9b4e1d22933624b6b488312

Download Submit