6ee92c48bdf87335a89973dcdeb083b72d4f94462edcb5fba080e57914e02fc9

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2024, 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd9d63af9b6f9e2e2c873d149d43c3b8_JaffaCakes118.html
Size

295KB
MD5

fd9d63af9b6f9e2e2c873d149d43c3b8
SHA1

63d2f0d702265948e087e848abe9e7ee51d26ec0
SHA256

6ee92c48bdf87335a89973dcdeb083b72d4f94462edcb5fba080e57914e02fc9
SHA512

ea358208f5a9068324e8a51c0945143dcee27da030323d97eb9e788453cbe05c774b04a62968ea0a8c637581bac49d320e72672750cb9430425df6edbcec5845
SSDEEP

1536:LD+SbTTF1SjTlTwFXNkltM/jVII3IbIre0NPSm/6oOuJLnvmO+Mh0w3o9dE6+1SB:/+SbTTF9XItCVI2FgOcDiTCH

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
3364	msedge.exe
3364	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
3592	identity_helper.exe
3592	identity_helper.exe
184	msedge.exe
184	msedge.exe
184	msedge.exe
184	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 676 wrote to memory of 4396	676	msedge.exe	81
PID 676 wrote to memory of 4396	676	msedge.exe	81
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 4556	676	msedge.exe	82
PID 676 wrote to memory of 3364	676	msedge.exe	83
PID 676 wrote to memory of 3364	676	msedge.exe	83
PID 676 wrote to memory of 1964	676	msedge.exe	84
PID 676 wrote to memory of 1964	676	msedge.exe	84
PID 676 wrote to memory of 1964	676	msedge.exe	84
PID 676 wrote to memory of 1964	676	msedge.exe	84
PID 676 wrote to memory of 1964	676	msedge.exe	84
PID 676 wrote to memory of 1964	676	msedge.exe	84
PID 676 wrote to memory of 1964	676	msedge.exe	84
PID 676 wrote to memory of 1964	676	msedge.exe	84
PID 676 wrote to memory of 1964	676	msedge.exe	84
PID 676 wrote to memory of 1964	676	msedge.exe	84
PID 676 wrote to memory of 1964	676	msedge.exe	84
PID 676 wrote to memory of 1964	676	msedge.exe	84
PID 676 wrote to memory of 1964	676	msedge.exe	84
PID 676 wrote to memory of 1964	676	msedge.exe	84
PID 676 wrote to memory of 1964	676	msedge.exe	84
PID 676 wrote to memory of 1964	676	msedge.exe	84
PID 676 wrote to memory of 1964	676	msedge.exe	84
PID 676 wrote to memory of 1964	676	msedge.exe	84
PID 676 wrote to memory of 1964	676	msedge.exe	84
PID 676 wrote to memory of 1964	676	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fd9d63af9b6f9e2e2c873d149d43c3b8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd183e46f8,0x7ffd183e4708,0x7ffd183e4718
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,461016490688991541,8613690379890874279,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,461016490688991541,8613690379890874279,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,461016490688991541,8613690379890874279,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,461016490688991541,8613690379890874279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,461016490688991541,8613690379890874279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,461016490688991541,8613690379890874279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,461016490688991541,8613690379890874279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,461016490688991541,8613690379890874279,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,461016490688991541,8613690379890874279,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,461016490688991541,8613690379890874279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,461016490688991541,8613690379890874279,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,461016490688991541,8613690379890874279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,461016490688991541,8613690379890874279,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,461016490688991541,8613690379890874279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,461016490688991541,8613690379890874279,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,461016490688991541,8613690379890874279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:3992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
5bc33bb623e8e3904bf21470416db155

SHA1
8e71a735b19252f6ace77399c143ebcf02e68992

SHA256
501615f17f167e1d6ef821e298ac0407bacda9ff442a069ee38abf24d7c6c67b

SHA512
a2b81ca122520f13c1fedd1f567f4d4927ba602fdae6471265c1f74543f1ed01babe234ac3415bfc29cbf46bc9ead58943eb757a39c23e5c563c4c4812f2a7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
b96490794e88dc4334a92d8162438b40

SHA1
e876181ceee00422e0c00ea5b67951ee944af6b5

SHA256
4a73154088415d0f25d08c9c97f15cc29c86e7ea7385ad0e2f3390b8b2279839

SHA512
fa35546a1d4fe70143bfdfc63f4e08363c119b52238732fa2c032b2403679134d59406352f379eea895de0730775552442b0be7ca574389d7aaad51057565d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d06879093db85d251541156e843ee0cc

SHA1
93d0372ee1ae547a9c03acfdd69108fed2b1359e

SHA256
31569ed2c2240162358cedf0eb4c1d9ae0a8b60c7a94474c4347e2c9015bfc1e

SHA512
0d448691514983e3b0d72286754a85b34d3f6a0d378ad6ecbc9256b90f9db82eb4260b721253f42a285d1c93616ad14628c58c4fab341a0d778e82904032698a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bbe08fa15dee1e9e22d2b88bf10b9e99

SHA1
391539dee4986edebbb5e76a7ad99d8d37afc762

SHA256
3b8ac36b94d4b0123d042a2f39af03f9592a95150bea71e262b699bb24b98f7b

SHA512
5886d71450949f197f8da591cf5f45cd7aa98b03fdf0f9be499b90b3598248dc4f98129b4d81c5b09da8963c6931368860ee800fb17e15b963bfddbdc02cc9cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9eb25c48f2c64ec8df382327f3a2cfbc

SHA1
0ef767e905ecc5baa80260e588191e74c2b645e3

SHA256
29aff290a3409c9ce97e241b7df618c095c3ff08b9c69c31afaa7c814df6cd52

SHA512
a90e25cf734190b0ee9e61fdb2178c5b7b08e60fe24ccc2dd98ac7fabad8d26ff4b48639675de0bd5913b5c43ca7d420fc8a915df8cb2d06813ab0ba63f419ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
27d2c85f741b06fcc1f71a92625d6d64

SHA1
b71e56a5775710b98c36627973ecad16c3b15413

SHA256
5e31ad0c09fa5dcccceb584960764093a1a98dbb2d9e0365a62e6072e5b4fe2c

SHA512
c9de9a7957a72669cf90df3bb9d1f1d52aff744c24a85ce7cd44ee259f6754122cdf3d61b61249af3f6602ac128d6f06b306d9738cc21b31eca858e706454218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e23533bac498f8d0c1dc66702870a2e2

SHA1
b7aa78423b4d847799906a408c89376a8df6587e

SHA256
c9183edf07854f7fc040e6a1d6b8e6ea53418f1df22cd83f879d7ec93920acbf

SHA512
9c9e56af0d4bcf1ab44569e09ab5892dc30e722222695cdf1f7c7bd604b091fbe5822a87f63c05382bef4118959670fec29ed23ce6e87584dfda844ae07fe138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
1910bfdf672ba352a2138fa5a6dcc35e

SHA1
2b5552c45f435be4a6eb058e36f13516fef95217

SHA256
9e3c62ecf2d14604048753a7d4a671c454bc31e3586df0b5d2a23ae62cf51a49

SHA512
5c057e0a282ed63020e54bd0a4d9a4a7b6c130e863509fcfc0f48cf0ca0876831143d4b82078658cf5b808905ac17b227de073826d5e56f773a341e0b392a879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585639.TMP

Filesize
203B

MD5
1d737751dadca2a9b9345ea608ecc693

SHA1
c718d53015402243ab2a0e536b0a29ea408cdd34

SHA256
91c3158d5d4ccbe1fb0394bd8a3f2c2b51426ce0d1371c1a7b9ef7d57d237003

SHA512
6e2e892245b38be676114e20af2faaceb2e853daecb973c1695daca5d3604804d92646c3644f4db1b415de803f03026669d1f22ee86cac716d577632295d3714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
02dafa2d1b5095665727e2fec3f13f8a

SHA1
a6f6b582469f0006bf6eb6e8ca085672722318cc

SHA256
1c9ffbcf200c32624d5cc83116bc00c7d0ca5aaef76af8c7a7285e8bef0f59c3

SHA512
28896dcd6ecd0c43cf97fa7d7b518074d49efa9d8d98d24119fd234399fae372190683c8f5dd899512419c65faa32fb7e6d8a692321fc2c41894bf958a6fa9c5

Download Submit