640c159e94ecca76ee7ec7234612be88b6fcd399c3c3d289a5d4e3746dfc7e2c

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 14:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa9217a31fff070b96e1ae48b9d5b91d_JaffaCakes118.html
Size

254KB
MD5

fa9217a31fff070b96e1ae48b9d5b91d
SHA1

e20e839847e88f043c527808a89132b7055a6094
SHA256

640c159e94ecca76ee7ec7234612be88b6fcd399c3c3d289a5d4e3746dfc7e2c
SHA512

52d41e902ef31b723fd86ce2deb2c320f898d0c6e78f179a21d88db31aa44236c29a7e351e4919286ae6392949335f3c7193f15b0fc2b69ff62ff7b7f11b2ea8
SSDEEP

3072:1xI+aSv8MuQ0s3BP5x6lbIBGb1gmg5VmI0viE4CHXLz+dfMu2lA7rBPgKMtrsS:H7Xk5Cn6VB5Gs+BP2

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4140	msedge.exe
4140	msedge.exe
808	msedge.exe
808	msedge.exe
2748	identity_helper.exe
2748	identity_helper.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 808 wrote to memory of 1900	808	msedge.exe	82
PID 808 wrote to memory of 1900	808	msedge.exe	82
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4676	808	msedge.exe	83
PID 808 wrote to memory of 4140	808	msedge.exe	84
PID 808 wrote to memory of 4140	808	msedge.exe	84
PID 808 wrote to memory of 1976	808	msedge.exe	85
PID 808 wrote to memory of 1976	808	msedge.exe	85
PID 808 wrote to memory of 1976	808	msedge.exe	85
PID 808 wrote to memory of 1976	808	msedge.exe	85
PID 808 wrote to memory of 1976	808	msedge.exe	85
PID 808 wrote to memory of 1976	808	msedge.exe	85
PID 808 wrote to memory of 1976	808	msedge.exe	85
PID 808 wrote to memory of 1976	808	msedge.exe	85
PID 808 wrote to memory of 1976	808	msedge.exe	85
PID 808 wrote to memory of 1976	808	msedge.exe	85
PID 808 wrote to memory of 1976	808	msedge.exe	85
PID 808 wrote to memory of 1976	808	msedge.exe	85
PID 808 wrote to memory of 1976	808	msedge.exe	85
PID 808 wrote to memory of 1976	808	msedge.exe	85
PID 808 wrote to memory of 1976	808	msedge.exe	85
PID 808 wrote to memory of 1976	808	msedge.exe	85
PID 808 wrote to memory of 1976	808	msedge.exe	85
PID 808 wrote to memory of 1976	808	msedge.exe	85
PID 808 wrote to memory of 1976	808	msedge.exe	85
PID 808 wrote to memory of 1976	808	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fa9217a31fff070b96e1ae48b9d5b91d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbdffd46f8,0x7ffbdffd4708,0x7ffbdffd4718
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,340749912267437669,13480005222505409477,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,340749912267437669,13480005222505409477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,340749912267437669,13480005222505409477,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,340749912267437669,13480005222505409477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,340749912267437669,13480005222505409477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,340749912267437669,13480005222505409477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,340749912267437669,13480005222505409477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,340749912267437669,13480005222505409477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,340749912267437669,13480005222505409477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,340749912267437669,13480005222505409477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,340749912267437669,13480005222505409477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7128 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,340749912267437669,13480005222505409477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,340749912267437669,13480005222505409477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,340749912267437669,13480005222505409477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,340749912267437669,13480005222505409477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,340749912267437669,13480005222505409477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,340749912267437669,13480005222505409477,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
9bda55f76f54ba8849c155b171dd51d9

SHA1
bb80b6fb6476f3abb45033761d55ef003cf88ecd

SHA256
ee5652649b028eb868571a7091010b2e65000b998262102b7f6d892d3e45a21b

SHA512
7385f1f379e52c2e72617c1bdac0cce2388672fac6e24fcd7c75cff1622ffc9b5877b34596828daa51e0dff5d9e6a3c9cfb14a6c87eb2dcf87d86c15295fe590

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
074b4f921dd6362cdc98744f356dc07d

SHA1
377d7de039bb6374052ebd78e29df0a9d6ea35be

SHA256
223626fe4697526c36b80f6ef67703240f7ac8c87438e2066391eeb01516efb4

SHA512
92a1a2ff1668485e4ddeedd09e2566256210f75234e1091f4f527a779136e809ca9416f83162cbe8d62c87c58f5d4072987eff49277c4d352b7e6d4563f9e591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
facb329bcd5f3e2aadbc4c27dfacb5d8

SHA1
76113ec67fad645b9bece499c8852f22f091672a

SHA256
90dbaaad214d2d60dd8510de0f8cc40ff77284a2fefb5a813685dd3cfdf961ee

SHA512
0749b2f4e3e932ae8e75aede504e41fa7e98ff4fbc8da4f8e2fb738278cfe86ffa9d4d965757433cafc5e4f8bb57092d339229c40c0b3ba9ac501476bbb6b074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ee18198493958436d5e34fe882bc22ab

SHA1
8a511942a8da91283843c60092657eed215d851e

SHA256
c88202b0142433018186c0628830bff1e5d3ea9bd1b39ae0e23e32a742b90b22

SHA512
20150b589f0cf3b9751372de985ef756dc560925ef1e4514225e644719d39e373d477f02e7734d5fa34dc29c11b9dddceb5fda869ce754f00f1c5437feacf41b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f90943aafebfc8734ab7c46d1d4861ea

SHA1
d17ae50a8b1207e02ad8d16700885b793731f872

SHA256
5f49366b65d88c2f80b39f497b250800ebcc598df71cea2dd5bad8e2b9557b38

SHA512
9e75d30fc893500ee81431fa3e2bdd1d6fbb23ce73c59d50bcf5622a6c7213c66fe87491f28d62fd26aa795bd9fe0401bf8b23fec84bb7e8f2f48db1f6429cb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
243941f29e339ab8103dcdb429d0b90c

SHA1
716f76c4cbfaf6536cec4bf09962d27dadd0fc35

SHA256
6aa42f51ee43b68c7d4d9aa1e2a0c70766542d913dd5c2d2211baca947941f90

SHA512
a6e498be6c4cfbec031c0c8af23d1dd8bdc2660ce137d6c58b0f8abb35068230f2ff9dea0e5eca64ae9f4a1cd1a3e83da8040c6261f7cf55e69b8b6bea2943d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bc01976d1a847c03d0f3fdc4cfc1468e

SHA1
a9ae3321fd14100937e3d7d7f89509e74f005b89

SHA256
ec9affffa2f5aba7c2ff3fa30a18aeaac4a52d4e1ad319e7823602428afb7ce5

SHA512
46ad6a81c967cc3eab9c0562c4f95a75325b65f4317cb35819a6f72017c053dd206d6dff43b5c719e1a46d41d36422c16fe9eb77888b82ab0541eb0753647ed4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
18af337f514667452fdaf47e9a925658

SHA1
b6405aa506a65ac56417bba7fc7398e48c162ad2

SHA256
8a6c914b33590a25809c23f6c2047c5438e8f184a923ae1261338cc0274f4375

SHA512
94a5619c4e419b433a8939740543155d078e83518610feb7e4d31d471fd07ee60106134d7501c94696c89f58ddda97f2e54639add7079182aa45e6b5a7067136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
6b8c1f86a616f529b8255529771c4d20

SHA1
35c53a5a82b6bd03878556041349e9b799b72df2

SHA256
15ae2e345887d687634c3165f691ebea3130f59ac13b4a32d7303c700664c216

SHA512
17704876f07f6622b74796f86a2e19369abecc248b9ff1f653ffd38eb07c4d941f332c6962166021008e24de8ee10ce9e56a43d328429a6dcbb6e596c206e81a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f339.TMP

Filesize
372B

MD5
6695390833ce3e4b22e925eca4bf0b8e

SHA1
30c1b030a2dcbc4b1563ef21ce91c32f793b0385

SHA256
c4b8962c3ae7b9d9d0575c1a9a9e5529f6b86161e6ab147e34aab3423bbdbb56

SHA512
a6d158c773056e16b67939dc80ff0628b374cf1ea52c0fd33f562d4be499933e9e46ed05dd7604217316467ac61a3cd9b3a02aaad992f39ad08188e57d611e6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ad37e9bfb601dad21c220691e00341a7

SHA1
7118ebf8b598b5b84c5b3fdfff8831b31ab4a387

SHA256
c75fa08e82aed5c8757852b48e437e62c9ed76259d762155e7bef56614903abf

SHA512
7848c1750fc9393ddf34106cb8809d088ff8ef8fb9c2418fa0466c8ac4793062aaa23c295dde2094b0c740b7b28d2087a3e252c471efe902a4e39508870ab617

Download Submit