dd85b3c424679232465349d189522110d2058670de0385ca708a7853a72454e6

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 17:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0279d181dcb3d2fbe3fc0fbb8afbe842_JaffaCakes118.html
Size

67KB
MD5

0279d181dcb3d2fbe3fc0fbb8afbe842
SHA1

23d943dccbc5b9d26b5f66c6312cc36f0d1f8616
SHA256

dd85b3c424679232465349d189522110d2058670de0385ca708a7853a72454e6
SHA512

fa991f47793f2feba2b58930ec77bd703b1ec11eded63d6df139e03708361c8d78ada710e134782cdb5439bc5a66f9324ae5e11497baaad48cd303f367fc0f2e
SSDEEP

1536:sTTupBkaVWoxood9h2L0xyof5uEjVRt4xEt5:s+pBkkWoxood9hxtRNLt4xEt5

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
852	msedge.exe
852	msedge.exe
4680	msedge.exe
4680	msedge.exe
3352	identity_helper.exe
3352	identity_helper.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4680 wrote to memory of 3808	4680	msedge.exe	82
PID 4680 wrote to memory of 3808	4680	msedge.exe	82
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 1976	4680	msedge.exe	83
PID 4680 wrote to memory of 852	4680	msedge.exe	84
PID 4680 wrote to memory of 852	4680	msedge.exe	84
PID 4680 wrote to memory of 4812	4680	msedge.exe	85
PID 4680 wrote to memory of 4812	4680	msedge.exe	85
PID 4680 wrote to memory of 4812	4680	msedge.exe	85
PID 4680 wrote to memory of 4812	4680	msedge.exe	85
PID 4680 wrote to memory of 4812	4680	msedge.exe	85
PID 4680 wrote to memory of 4812	4680	msedge.exe	85
PID 4680 wrote to memory of 4812	4680	msedge.exe	85
PID 4680 wrote to memory of 4812	4680	msedge.exe	85
PID 4680 wrote to memory of 4812	4680	msedge.exe	85
PID 4680 wrote to memory of 4812	4680	msedge.exe	85
PID 4680 wrote to memory of 4812	4680	msedge.exe	85
PID 4680 wrote to memory of 4812	4680	msedge.exe	85
PID 4680 wrote to memory of 4812	4680	msedge.exe	85
PID 4680 wrote to memory of 4812	4680	msedge.exe	85
PID 4680 wrote to memory of 4812	4680	msedge.exe	85
PID 4680 wrote to memory of 4812	4680	msedge.exe	85
PID 4680 wrote to memory of 4812	4680	msedge.exe	85
PID 4680 wrote to memory of 4812	4680	msedge.exe	85
PID 4680 wrote to memory of 4812	4680	msedge.exe	85
PID 4680 wrote to memory of 4812	4680	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0279d181dcb3d2fbe3fc0fbb8afbe842_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bcd146f8,0x7ff8bcd14708,0x7ff8bcd14718
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,2427806778843445593,1973090295624301973,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,2427806778843445593,1973090295624301973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,2427806778843445593,1973090295624301973,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2427806778843445593,1973090295624301973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2427806778843445593,1973090295624301973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2427806778843445593,1973090295624301973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2427806778843445593,1973090295624301973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,2427806778843445593,1973090295624301973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,2427806778843445593,1973090295624301973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2427806778843445593,1973090295624301973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1812 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2427806778843445593,1973090295624301973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2427806778843445593,1973090295624301973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2427806778843445593,1973090295624301973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,2427806778843445593,1973090295624301973,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
0d078958dba0ca2dca1b906a906ab2f9

SHA1
b3bcb65257d3638c8a1bd431968c78dd8426456d

SHA256
ffd3b6ed2f80694cff0aab8779dfcad4c14a927fd89a802b94195cc8939471c3

SHA512
e46a9a4c313698bd5afc594d67a8cf32cc63b2e4717b4a25a4c61f58670a2e03fff46484cbfc8338a4c155a31719f0c538c8901f1ec190a0d3e9184df36917cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
80196a5c1234b15b9782e1808e2275e6

SHA1
cc623b7895ce2c0da9dfef9edf566f065ef37843

SHA256
888b0bdb7bb3723ba3c56703de51df39aea88d1165f0da1218bff9d8a94c98a4

SHA512
1520afd20d1e14881c550dbdf86144d8c2d81a57323da8adfabc258f472bb970dfbb69070627f67569514dea15d231d01ce5cb08db9b040a42807f04fb0a41e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
2361d8b1b398b21adf1f9207f99ca5b7

SHA1
dfb867c9de6bc310ef3626e3981fb1895b384d5d

SHA256
3ec46201414841ab4cb9ea7697dc806165cd5a5d9fb9d988c3e077cd9161c8a9

SHA512
56e819b5613f15c14d4e194726bc1d600bd70a722f227d127d612fa1b8215475bca90e4bc890476c71bc15756763f337d3fa1cf4e728d4cb5e9024e90b3ac016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8d5a3540db99d06f3bf14acc9697e78c

SHA1
18de698cdf044a067c9216c2b8e21e8e4fa5ec2e

SHA256
e36665324ce885dc32818ad3a82cead690060483292fb0ca7ce40218eddd8887

SHA512
6732c0916178cf884473c09ba1ba8bd5b1441a738de86c18625ec8d08f899a8a35e06f975fb2f8d01d4c750bedd24d317c2c95f709944db86519d249c3bb76de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
24d2e4a96a7058af3e056a5e4f778d4f

SHA1
14171ecc00d326193d750c8bc067b1dec40a2684

SHA256
365aa1bc7102d7678270ab760af7908adff716bfddefc47a35d63871fe7c9a55

SHA512
69414cab639951980e55a24065495b39b6e54eaad26596abae9935bcbe6f1fc11e58cb19701fb181c87fd556af02de2b0d0ca83af0d139833197e75f0d8271a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e6e875797af1833dfa0394fca43525d4

SHA1
e4cb4c9288115acb75378e95b723cbed9185b7f7

SHA256
5da94f702844b782c95ced7049aae8566af8fcb81a439e485c2db76f397458bc

SHA512
0a345cfdaf1b9e5d0f6ad5915bb173884a9a8372aae284182943da53afcc8493830b58c4a18077452a14e1dd2475751b832861e2cc57e6de34a7d2b8a06ecb92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d7f987b77f2c38d5caa74b2fcd983869

SHA1
35a651f5bce99b41d4151a6e698e39b1a566d298

SHA256
501fb7563fa85b3a24e63dbe464f50f3ae2b6c8df26871820cec81a14c10d344

SHA512
9b09b1af56252e54dd14951a1114e6f187f3613d53f9aadbe2b610ee63e8b85c875024b9dbbcf80a96c6e2a9db48b03c83d224bdca5dbdf9c11289a0e448274c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c568df1b6a0e834f127b50f864efe46a

SHA1
964546e3b9d747fb03dd18dbb73df3218aae5015

SHA256
2e68a12f50ca30e6dcfe7682eb3d81bc931d2de457bb69f7a03d6239372c69ea

SHA512
b102c809fd7b06ba83e2f0ed271f2249da783e4136552f26b8c6efed62f70f45399199f4a20fdf0023a9cd3cde220de1dfd0537a4cf4c8bff2014d57c22b7d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
730904fc4d99099ee5c065ad5b165646

SHA1
89a49473ae639985c5a0687f9dd61b47080594ce

SHA256
03489ff14cae68ce853c7216dcdea53bc0ccc3ef0fd51fc95372d5af8cf2d516

SHA512
c1ec647c2153dcfc55d4232820cb1491f122a35cce18c355e32c9d6dbf09b6bd9d018bb3648b90b0f0f37d2acff1da74d88dcb9e53683188d9dab47381c5bf96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ff8e.TMP

Filesize
371B

MD5
fb937f9dd9781d53f571e2adbf56f821

SHA1
6bfb6340740511191e7f6562ba02a96892c1ac7f

SHA256
a100131bc8bae2cd827c618b0831b481d0707ccd505eafeb2710e150f98ddf7a

SHA512
b012e60438da5e835fa985f6a96e7cd15344e7478267a1d5b4c2c6b47278334420be6fe23ff92a74d9473f5b844da575a5ea7d2424568ac36f1d1e4053b6f4dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b8cdd6eb-ef97-46f1-aa9f-c5a162c551a7.tmp

Filesize
10KB

MD5
66cc1e80239d81a7362e77c21ca3a594

SHA1
f611b511fe0a7598dfafb1738dc10a960822c020

SHA256
48ca82939c0fa30051744856a83cfd41eb30b79cf269a254ddc2d05d9f7651c1

SHA512
eada1ae446466aa166fb5ce54d3c60cc1d7f0bd785e60393c93e084421ac097561136e2739006091448a0ae4724442af7bcec6ac6ff8a9ad4908a00d29d7028b

Download Submit