396128feff451ea5bfb09c16e30f9dd4bac92674f066c696699672e6e6f18364

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 05:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eaae2e84a1c88872d2f4ee892c5d18d3_JaffaCakes118.html
Size

181KB
MD5

eaae2e84a1c88872d2f4ee892c5d18d3
SHA1

ae738eb916b0a23e8d7e04c6c41692cb148766b3
SHA256

396128feff451ea5bfb09c16e30f9dd4bac92674f066c696699672e6e6f18364
SHA512

9ffa1b717142fe6823b66ff794d42db655147e702b4d0e3c62300580dbe87429f1b6037600618e6678e35f49430e1147d1bcf410e50bd994d89396b0ba8dd71d
SSDEEP

1536:cAS3i1EHjgTYRPdke5bJH7LbMr3LWUK3o5KWdBaeYeOeneyeyeUejeUeJeHn00sv:oSE/Pd/b4J5dKelamD

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4296	msedge.exe
4296	msedge.exe
2536	msedge.exe
2536	msedge.exe
2416	identity_helper.exe
2416	identity_helper.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 3536	2536	msedge.exe	82
PID 2536 wrote to memory of 3536	2536	msedge.exe	82
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 3604	2536	msedge.exe	83
PID 2536 wrote to memory of 4296	2536	msedge.exe	84
PID 2536 wrote to memory of 4296	2536	msedge.exe	84
PID 2536 wrote to memory of 2896	2536	msedge.exe	85
PID 2536 wrote to memory of 2896	2536	msedge.exe	85
PID 2536 wrote to memory of 2896	2536	msedge.exe	85
PID 2536 wrote to memory of 2896	2536	msedge.exe	85
PID 2536 wrote to memory of 2896	2536	msedge.exe	85
PID 2536 wrote to memory of 2896	2536	msedge.exe	85
PID 2536 wrote to memory of 2896	2536	msedge.exe	85
PID 2536 wrote to memory of 2896	2536	msedge.exe	85
PID 2536 wrote to memory of 2896	2536	msedge.exe	85
PID 2536 wrote to memory of 2896	2536	msedge.exe	85
PID 2536 wrote to memory of 2896	2536	msedge.exe	85
PID 2536 wrote to memory of 2896	2536	msedge.exe	85
PID 2536 wrote to memory of 2896	2536	msedge.exe	85
PID 2536 wrote to memory of 2896	2536	msedge.exe	85
PID 2536 wrote to memory of 2896	2536	msedge.exe	85
PID 2536 wrote to memory of 2896	2536	msedge.exe	85
PID 2536 wrote to memory of 2896	2536	msedge.exe	85
PID 2536 wrote to memory of 2896	2536	msedge.exe	85
PID 2536 wrote to memory of 2896	2536	msedge.exe	85
PID 2536 wrote to memory of 2896	2536	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eaae2e84a1c88872d2f4ee892c5d18d3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9099546f8,0x7ff909954708,0x7ff909954718
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1948121751782225539,5566457270445342730,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,1948121751782225539,5566457270445342730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,1948121751782225539,5566457270445342730,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1948121751782225539,5566457270445342730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1948121751782225539,5566457270445342730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1948121751782225539,5566457270445342730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1948121751782225539,5566457270445342730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2608 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,1948121751782225539,5566457270445342730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,1948121751782225539,5566457270445342730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1948121751782225539,5566457270445342730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1948121751782225539,5566457270445342730,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1948121751782225539,5566457270445342730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1948121751782225539,5566457270445342730,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1692 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1948121751782225539,5566457270445342730,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d18f79790bd369cd4e40987ee28ebbe8

SHA1
01d68c57e72a6c7e512c56e9d45eb57cf439e6ba

SHA256
c286da52a17e50b6ae4126e15ecb9ff580939c51bf51ae1dda8cec3de503d48b

SHA512
82376b4550c0de80d3bf0bb4fd742a2f7b48eb1eae0796e0e822cb9b1c6044a0062163de56c8afa71364a298a39c2627325c5c69e310ca94e1f1346e429ff6ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9eb20214ae533fa98dfbfdc8128e6393

SHA1
c6b5b44c9f4fff2662968c050af58957d4649b61

SHA256
b2be14a1372115d7f53c2e179b50655e0d0b06b447a9d084b13629df7eec24ab

SHA512
58648305f6a38f477d98fcc1e525b82fc0d08fb1ab7f871d20bd2977650fa7dafa3a50d9f32e07d61bd462c294e7b651dc82b6a333752ca81682329a389ae8c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
e4c367f7d4ce5d99b0a33d77128bef28

SHA1
55431b0ecb9b0b243ca819bbd4b35c41ddb2d895

SHA256
a22a7a3114eb361bd6579de881e9ad5aab0a551533b4895a12ee8d314d216f0e

SHA512
014f02f4a458386b412f2dc4a550e242f9a7fe69138af8e0a1e733596cbd0d8ceca1a9893d94c771b7581cbb4df681dc72824825810c4e754109dbe6e5c0ef3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
a9b8a755066ed09f1ea5ad348eb30b51

SHA1
7fde0e35e661f54c4754193fe3fa6d2e77fea41c

SHA256
71446379bba48b4706c5481026e9c6336f0c2f73387c6f05a226ceb78ed58d7b

SHA512
9afd48b24b407ffbae5df9c54468e1d9665b37f7c5150c9f90f5552699d5dd2dac60c7e99a2469a6e59376e11b9eb5d5321c71d0383fbefdc284249806171068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
10dc4c0295c7f73b03d9103992cfa2bf

SHA1
51e39d1654803f3db2ebd72c753c6356ba96b6fe

SHA256
31aa46148f8120a630ef77c55c6445023b3c8d8ee2bf283c7f5df6e0f99427de

SHA512
53228fba2383ed997ac119e225f9fcaa982bb1a4c0dd62cc19b484ec4a4b97d94e8e2656a6c0f010fe689c5a9595108b5d4d44338afc3e2e113ea1425cb95d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
012a026244baae54fc7567d7e886d92d

SHA1
6ee42124dd07ec90418e201a97b6ec98d6c25d74

SHA256
e16d9ac9c8c1f3a28ece232c00a693148f5abf14ff278e71144bb4e94585384c

SHA512
95de403667028a0a2a304fd4f71fd3e7df92d0224147b9cf8ad0d0dedaba3b58f4217c192d32848a3b266848b6754d6f9573c2c6423e6243226dbc139f569f5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9e14c025f81857cb9d5ed1e17c08bec0

SHA1
e9ffa7a9071fad38a36fca130f2ad630a38811f7

SHA256
346d583f0a7ba10236bdaceaf9568324a6cf33b2d9fb08297e5cc2f56586d7a2

SHA512
04978e32ea6be9f5ecf6c92b5e29ff6e193cd6ddfbc1f89395e990e1f63295ab69fb068087b396c7507847f101225cf92d21bef90cef1309e122e0e0f366e428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e83af23267029d92d849391a10c6d605

SHA1
8aecaec0aecdc0beeb5bef6f2ca2e32933f4463b

SHA256
881fec5b341458c5499d7aaff32a85bbe3fb0115ab44e6dc0dacb52a516c9458

SHA512
ba53f6dee839afb2ba396bb69a027fb3b4d2283193e6e222851f676451984071a94432c0cf2af967fd219939f3a8750306489c07a585a3018496836596279f36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5bc4c8a8ab046d9aa0f6b2f160af5218

SHA1
1d267674b4543a647df1798b1ce9bc3198164e9f

SHA256
5e8b84b4fecbf4a428d0ec7fa8d5c115c930b5fd63642efe01ae4d0feb6f685c

SHA512
4b7007129d0ece87ffd6548e2f0cdf6e288a78744b2806578489ded103469c0912a06ff80dd096df3176b79f573aec94f62990a9d48bcb1bf4b68a70c2b22f7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2138f4142795846b50697266cd226015

SHA1
1d49e0477dc265818d2a4242650cd5713d048196

SHA256
4e6c2c0232a815eed8586c5ca71d854aacc6471898a7812c3e32b60cc0c50137

SHA512
5b05a7bf8eb964e087e4076f85d5f04b4036695bb262842154077bd9fdbd23468560cd3f137d0dc7a9b32cb2bab92a01adff6e3d95c9ac29b2ac9cdeac09f37f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6be217d826ff7c4aa81d39663a38dc10

SHA1
b32f46cf12fc4821f702880382f18ef3714eec66

SHA256
754dca9404f119306b757d135efbab8856521366fe9a3961c5373dda2a57becd

SHA512
306a06b11f079ad10db885200c0bbe37b56bd9687024e18fa84cfb95663f8fb00debebb381e030d5e6c4daca8eddcf180a37668745ec4972ef732dcb0bd4296d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
381b092d28cf022f3b0ce4fa5492aa91

SHA1
6ec8e53a31cb1342db99137407791f1bbc0887c4

SHA256
8241ebf774a83734c91dd1f783b082b3788ce89aa9286f97d8b78a3992cacaeb

SHA512
ef23b2e13eb93afd5dc4aee37d9cee9addd33660a0514f5b4068100f46d7e627b3d5952539c123a51018656bf3c3dcd45eb8fc6031020753bfe440ef4aecbbfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
962ba2da4486a5eb41658d2698cbe051

SHA1
189160e04541d6c8fbbf11116e5f80ab2c3488db

SHA256
e8defbfc3646434c98b2c3cd34740236f15e08adbcc2b6188f34fb855e96256b

SHA512
86fccf83fa7f39ec55e1c5fd1299683508cb390becc38c0a85ec00c9854b1d26f1241319f29864b26c2a6e38df265a0edbfd22922be18fc5754f09a7e931c94a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58242d.TMP

Filesize
203B

MD5
350fbb2c0744915b997f7361b135dcd3

SHA1
ab2c90a22ae778ff73eaf9f5aad38aa910912d0c

SHA256
91360a428f50dec99112bcfc24d7047e5a3d2c176bea3efd32de2f878781f616

SHA512
d0575001cdd49a4321f92b4af08db4f2ee6bc15dcef377c91300de403d040bfaa9d440d7b22c4883f63c0e65bea268795d9d0386bcb390cad6a978fe9dccaad0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c5d110439e970d63eff4f4a99238cf0a

SHA1
237eefcb388be764504d59d80dc7f63cd5b08279

SHA256
4b49d349d5f74bb5bd635af018451245d83c62944501cc3d646880b85c4bc552

SHA512
355efe258930dddad0fb341599ed0e949ba0e944aa8d274d809f6e70b5784cb0a4f4cebe1daa1c03e23261e72382028be1f1aa64e1dfd912c9cc1a3e0813e934

Download Submit