120d8218789fedb89baff0bb4b1542369a116a58e3ecc2c205083dd61cbb08fa

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-10-2024 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1df0afd5c76b092187ea69ff7fb6c1a8_JaffaCakes118.html
Size

235KB
MD5

1df0afd5c76b092187ea69ff7fb6c1a8
SHA1

849240887f40662b6010c215c5a7e58b80d1b0d0
SHA256

120d8218789fedb89baff0bb4b1542369a116a58e3ecc2c205083dd61cbb08fa
SHA512

acd3fcec4d702070c19082ca7af82428460214d016a4ce4f4b2a6739a0a00be4cc54d2a2509dae686dc6879e9e3392e90c7848a8c14506f51508f3c75b5c276c
SSDEEP

3072:n3YCrHWvBhPCVB0U72fhg7BDYWTIWY7RkTPSHSeAmdYUvY:ICrHW6VBSU/k0UvY

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1956	msedge.exe
1956	msedge.exe
956	msedge.exe
956	msedge.exe
1940	identity_helper.exe
1940	identity_helper.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 1296	956	msedge.exe	82
PID 956 wrote to memory of 1296	956	msedge.exe	82
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 2164	956	msedge.exe	84
PID 956 wrote to memory of 1956	956	msedge.exe	85
PID 956 wrote to memory of 1956	956	msedge.exe	85
PID 956 wrote to memory of 4564	956	msedge.exe	86
PID 956 wrote to memory of 4564	956	msedge.exe	86
PID 956 wrote to memory of 4564	956	msedge.exe	86
PID 956 wrote to memory of 4564	956	msedge.exe	86
PID 956 wrote to memory of 4564	956	msedge.exe	86
PID 956 wrote to memory of 4564	956	msedge.exe	86
PID 956 wrote to memory of 4564	956	msedge.exe	86
PID 956 wrote to memory of 4564	956	msedge.exe	86
PID 956 wrote to memory of 4564	956	msedge.exe	86
PID 956 wrote to memory of 4564	956	msedge.exe	86
PID 956 wrote to memory of 4564	956	msedge.exe	86
PID 956 wrote to memory of 4564	956	msedge.exe	86
PID 956 wrote to memory of 4564	956	msedge.exe	86
PID 956 wrote to memory of 4564	956	msedge.exe	86
PID 956 wrote to memory of 4564	956	msedge.exe	86
PID 956 wrote to memory of 4564	956	msedge.exe	86
PID 956 wrote to memory of 4564	956	msedge.exe	86
PID 956 wrote to memory of 4564	956	msedge.exe	86
PID 956 wrote to memory of 4564	956	msedge.exe	86
PID 956 wrote to memory of 4564	956	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1df0afd5c76b092187ea69ff7fb6c1a8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a7d646f8,0x7ff9a7d64708,0x7ff9a7d64718
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,4161537831519478228,4899582398997592522,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,4161537831519478228,4899582398997592522,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,4161537831519478228,4899582398997592522,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4161537831519478228,4899582398997592522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4161537831519478228,4899582398997592522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4161537831519478228,4899582398997592522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4161537831519478228,4899582398997592522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,4161537831519478228,4899582398997592522,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,4161537831519478228,4899582398997592522,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4161537831519478228,4899582398997592522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4161537831519478228,4899582398997592522,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4161537831519478228,4899582398997592522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4161537831519478228,4899582398997592522,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,4161537831519478228,4899582398997592522,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6028 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
23KB

MD5
c6ee151c95d5bd2339c67eca774449fe

SHA1
c2de7e4a87b91ddd246fee53b8274b35fc55603a

SHA256
65edc4727e2bdb04a0ad28564af17bcf3bd7029811429804d283c8f0e186ce09

SHA512
eb04604f00aba42cffeecf266cc7dbfc096708ebe615ed2141bd422585db26a12b54f9c22041c798cb01e4c3d3e5c70fff935b0c7a508fbf61f6201c3dc678b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
45KB

MD5
ede70f717200a59b4cb831635de913a1

SHA1
d4d6e893ac192b5df087e924ab3356852f8a7bc0

SHA256
c63fbcc69de230e4844cf735ccf668eeaf30e42126eeb464da39c2de6b0b0051

SHA512
b621bde28b90ba97c122677989d994cb5e88fd0906366af1a23ad3f9d9f3b7f2bbef95873f29100433d4068fbbf7ab798505e68deefc118097fc5f76dfc4b672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
9860aa30e7c530d5a75c441256b5e763

SHA1
d0f7daf173b64a288d7431c3410103e49331b0a6

SHA256
48feb366a5c83408c9ce7bb3be26cea9f8bf631d353b2584fc6651563b0e9436

SHA512
be4bc8d82c4f927b79899bebf3f957e8bf0e345e124d77d2b9d8bfc0cb368ab4aacab5157a273b220cc8a5457a2f90aca3d2645bda8b793c934954a49255dfe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
6ad5c798b9cf6f30889bb626fb23666f

SHA1
407ce2da42f95b0f343fdb1cb908ed55ea8eb30c

SHA256
54420bab2088caaa910baa2ac03addfc7a41f24df67da537df1a3460e1d98aac

SHA512
aa7449275bf5d001d3792a87adf6b284fdaeb0a4b67fd88a1121cc7b2bca05e63e8d9ae471abe321edbde64580d96379eef1a6d567c4368d35b30d2293bb8297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5da71a02cb07279bc7c1b243fd0fab1a

SHA1
e478b2bcff26e33957610bfdcb9ad24c8e1bf92d

SHA256
7b11c16e7f3cd78f50160f9c1e30031457ad96098bbbe4d16d115f68026a5254

SHA512
2c82b706effeb271c96d720dce37acfdfc943d698781367acea1a4d55b3824774cf0c8400e5de37f2b77d5386e105def906523d9826f13e3dc565744e6181178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5d4ff15cd6e21e0b0c86200efd593dc4

SHA1
57896c756cd2876dd95205f42876e7f727571eab

SHA256
9a317302bcd0b0a7df8cf847c277fcd02a3204cc5106df5c09921b1264324118

SHA512
cb1df23633fb578cd0c62a6c082e4f45af7fccc33f2e22c957ee1df40e142ae91d8b7fc19e49fd5a406fcba92bdd33881502b31d0f3dae414a933c3e53d4ad5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e910767f44d2f3a084f417960f8ac1be

SHA1
016fe3cac715da13ec1e0a5aceae1d827d96af7d

SHA256
a0e95614ee1c01d309619c86b19d4ccc9871d320e274812d274a9766773c1de3

SHA512
3a5e06288b21cca9f40abdd6087d7816581b76c5e8f3de6f7fe025f424973ed44dbe45da859b1e349be5801c89905bc0be2b88a88f05c5d4157b3b0d9c2fec18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f27ea3235a591f3d3610c1adb364b407

SHA1
1e03e90184b39f16ece7c8ec9d91b1b3c18dd92b

SHA256
8502e7140ac37abb006c8db05931c637242d70caff2615a8d49f7368e760e1cc

SHA512
07e5ee3ea131b9c0929422da7f590d466c9d17a6ddd682932ac152b22eb38836a381a6bf45578bd3a0ab41df0df2dde2fceb59a41fb91f687dd842552af05ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4094c5d875f3ef5f8c2b7d296a808271

SHA1
e83ea9b43b98a093e2b28b49f405202d3d3f22ac

SHA256
afa2013e3f80d6eb0f6cb13375a87f82be34904ca065a78aeff6fc562a85fd94

SHA512
690776702973b5fcf9327d4595cf40eb05368280dcfad86451bbb2b77fae9dcf797a0efdba76092fc6c1864e6c1ccb9d076e87d0290a9b1cfb55efd0381b2d7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
3a2dc6e49d4634888aeae55136a33fef

SHA1
45cd6a1eddc631afcd14c8b65bedab86a0b3a182

SHA256
60e6e726640800660d0991dccebfef6bd15266171cda7b418d215852eb4bbbba

SHA512
8c9c0bba023aa8ec3dc6e81bb7032d896fd6e5e7429233cda5e16add43ab9e15d37a0c30cf20448b76c21da3bdfc76949b0fec0a22adb6cf258dbc1fc48ce500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581f3b.TMP

Filesize
203B

MD5
6f5e8a9402ac010c3d52ee371848b489

SHA1
18d00e61ea8b813e02c6ec63aa9dc3cd46eb527c

SHA256
23a725ffaedf92d47f8f3a03a221d862bd71cccc722df9985f16a91b66f22138

SHA512
18f82c00d02879398d757ea99ee0d901b0857f802215c28c8357e4ab148155d99d2904b85aed316f7746b099192f79c4e09cf45e02ab1d00014acfc14ad06066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\be3b65ca-c6a9-4db7-b886-9bf6ef4a0e8f.tmp

Filesize
10KB

MD5
ffa6b9b8504be59cb9d2019b1594fcf0

SHA1
ecf24de3feb3086141e794adc2e526695df12b00

SHA256
cbd2038dda18d1a9cfe85c711fc427c51761339b439b3f49d28068ebc2fd66ec

SHA512
8ea232adc3ae0c18f0bffed075d588321a780f36a415af0e829592cf0a6c33c5402cc33cf43a55e907e56e0acac6fb908b273e0425237845ec3c2dde89d399bd

Download Submit