c4a64bfac856312c09689b4dc8ab594e87e358918b2bddb47682480e9eec348f

Analysis

max time kernel
144s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-10-2024 06:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c59ef781d740674420e3b8f3474125c_JaffaCakes118.html
Size

395KB
MD5

2c59ef781d740674420e3b8f3474125c
SHA1

766659061f807cb8ce665075cf8052a9d095b0af
SHA256

c4a64bfac856312c09689b4dc8ab594e87e358918b2bddb47682480e9eec348f
SHA512

e924cd696679c72651482de839e696615f90a2cf899314cf639f8b283391fd3d0db49b8ecf68eba519f81f26fd2cac18c7e91f40c5489ee42e78fb9f148fe486
SSDEEP

3072:OsW6WCiqYxDNvG8rmgcXmNRSz7nLer71BMn3/1BmGGfpTMAYeJPeaGzv3VY7RJvs:2DAXmNR8/AWAYEWTZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
1656	msedge.exe
1656	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
1232	identity_helper.exe
1232	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 964	1656	msedge.exe	84
PID 1656 wrote to memory of 964	1656	msedge.exe	84
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 452	1656	msedge.exe	86
PID 1656 wrote to memory of 3000	1656	msedge.exe	87
PID 1656 wrote to memory of 3000	1656	msedge.exe	87
PID 1656 wrote to memory of 2524	1656	msedge.exe	88
PID 1656 wrote to memory of 2524	1656	msedge.exe	88
PID 1656 wrote to memory of 2524	1656	msedge.exe	88
PID 1656 wrote to memory of 2524	1656	msedge.exe	88
PID 1656 wrote to memory of 2524	1656	msedge.exe	88
PID 1656 wrote to memory of 2524	1656	msedge.exe	88
PID 1656 wrote to memory of 2524	1656	msedge.exe	88
PID 1656 wrote to memory of 2524	1656	msedge.exe	88
PID 1656 wrote to memory of 2524	1656	msedge.exe	88
PID 1656 wrote to memory of 2524	1656	msedge.exe	88
PID 1656 wrote to memory of 2524	1656	msedge.exe	88
PID 1656 wrote to memory of 2524	1656	msedge.exe	88
PID 1656 wrote to memory of 2524	1656	msedge.exe	88
PID 1656 wrote to memory of 2524	1656	msedge.exe	88
PID 1656 wrote to memory of 2524	1656	msedge.exe	88
PID 1656 wrote to memory of 2524	1656	msedge.exe	88
PID 1656 wrote to memory of 2524	1656	msedge.exe	88
PID 1656 wrote to memory of 2524	1656	msedge.exe	88
PID 1656 wrote to memory of 2524	1656	msedge.exe	88
PID 1656 wrote to memory of 2524	1656	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2c59ef781d740674420e3b8f3474125c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f81e46f8,0x7ff8f81e4708,0x7ff8f81e4718
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10495504115924694217,16380118857759663526,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,10495504115924694217,16380118857759663526,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,10495504115924694217,16380118857759663526,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10495504115924694217,16380118857759663526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10495504115924694217,16380118857759663526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10495504115924694217,16380118857759663526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10495504115924694217,16380118857759663526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10495504115924694217,16380118857759663526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2752 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10495504115924694217,16380118857759663526,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5988 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,10495504115924694217,16380118857759663526,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6272 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,10495504115924694217,16380118857759663526,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10495504115924694217,16380118857759663526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10495504115924694217,16380118857759663526,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10495504115924694217,16380118857759663526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10495504115924694217,16380118857759663526,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:4120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
23KB

MD5
8b41d9e82bfaf51825f94b0bc9facf25

SHA1
9f988a1b5c14425843d77bccca491b419f115816

SHA256
c0396130b9807c0b45615aefc58fd118f64899622a1a15e5ee6a88ae3516704e

SHA512
9d1caa1f3fea8e19eb0b8dd6c131665d826bbe85327757f4469b3e41c3c5dc77b5f3ae8bb2360a3979b5607933f7d5f7064abd1f196f7729e4ee90b23571c011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
fb85ca946c08f947052a9ec23726ee6a

SHA1
4385b7675a6b9b3dd067707523bfe134f71d1357

SHA256
afec4fabebe6f3394f8f71f2fdc6c2b538f631bbb0a7f878700c52459f61504c

SHA512
479420a13c758e8b6e46fb286a297781b0c3ae35c1ae2c7647ff7dfcba5563bd2de8424374bc3b4a14a300b0511e99d5f629c7b6b7b874e73ac35dec40fb057c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
7d355d8b10f1ccac346a79e39624201c

SHA1
8015efc84b2e8d1cfe48d9f84f67dda71f2768fe

SHA256
c5dd33f681a9855f791744e6d6fd17f1f537196289cd4efe3d5cbddec0a79f93

SHA512
bdfceb80ce5231be00d4d54861d88b6bdd70dc38c2636d0af2f1edb3f3559051022ddde938171f8c8f3969e0f7fa155d058586ff634767d54addbf7e824ca174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
29527841e034076edd4e527e88328053

SHA1
65d6ff4f4843b4ad84344f4868fce5bb5dd639cf

SHA256
b8a1e65db96eb8175042ed769b84c7379a4b499fcfa56661184684e9ea27d5f4

SHA512
23db6088d969518c198ef201965f1dbe4f5497e76e301065dffe6f0a1f7d2d4096b04dfe63011cbdcfed5756670c00d879c56e8bd745f953e48c6b9b40f812a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bb07e52bf50a87337e55dd7ae0ac822b

SHA1
643c37c069240e1936c500f137cb6899b4bded6f

SHA256
e16751cee22a0ff96a60a4b287827238fea3ee82339435ee83eb604c26f7c2b5

SHA512
4ddafa473d7f370b69312e9fc03b1bc2e2139d3f15f8a52757ac923e02510937b9c6ee1dfa180717fdb2eee741c933ea0f0bf75e7398b0460ac941d17225c9ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
24448813935dde40eb4a45795492b458

SHA1
3e0c56ea763b2df8a89e2f01040eb0a3d6dd6b5f

SHA256
a1134130a6a1e19dc4105b7c4d7382ea3e83bdc6e64923bf3f50a3205fa7b9b8

SHA512
847a3a72385646c1d43f861a4509e363322396a9030109007144db685b0018329ce62b80cf23de8be1f6229d3c62f2d1409b266b348568c5285dc2429b7e73ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
d124ba2e317a0138463efa080d1f4b93

SHA1
10a8608f68c3e99e8563a5c691804a19cae5deb6

SHA256
68cd22be0b13f0298640af5929ce65a113386b3eded7c03bbb25b045e430506a

SHA512
625a338b1da36ecc5d1faba6358c1abde59e495867845e7bd59ce0ef7e62be5272090589f93b2613bcc7c9f21d64fc3c8d44d283a17529466606f88a8bfa8094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
7db3c8ea7e78b490af4811be5fb53d9c

SHA1
44223b957c8f0dd4c6f510479e9ea66cda030fed

SHA256
67271b44ded727a2528399ee50d5c6fd853c2c4076d1cf29255e0f53d871e196

SHA512
3f69a1616318369aa8540b49ee9d433b7ed2adf17a5a36c077dc5fde58caa3e640cd98b467067eab9a4e6ef87b1053c6c33472d5954353c932396055742a3b96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
62ab93a2b780bbf985f790e9797a908e

SHA1
6169c1d7858bbb32b89255607364eed2458cc509

SHA256
9de862b1575d8dcb3ff84258b54f898014f1940fef0fa296c60710332332898a

SHA512
336d51ca527f414acd176a0f34115eeb570c44f3a5ccf7737e9cd0d9a06d8593b36932cf0b17c3b14b6641f8c95dede93e0f146483cce90c398d5e86452a8a71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583563.TMP

Filesize
203B

MD5
8b9871f9b8c7cdefae3a96065263416e

SHA1
22a715841235a7bd43c00a8b8d7f36e89c2c8c8e

SHA256
5636b8843ccdbc232707b8cc12f098c466dae7900ad6e7cb5bca07d0a1c8ee0c

SHA512
bb9c32b717cbfcf23a5ddb70d95fe0e27cdf264987c283b1a946c7ab88a2779f792af89560ba573878fdd7c082bcc813a7a73bb88fe9b773486cd5bf9bb2206e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d78e5d1d-17fb-4827-a04e-bb938925920d.tmp

Filesize
6KB

MD5
c8245837eb7371aeab77b8a5d726c905

SHA1
1a5fce865819619b86b04863c2f2c59d5452106f

SHA256
7702e4eeb90308b67c706442802fe96c69c6844f4eb2e485dafe1b91e5752e27

SHA512
ea15b2f6fba8731ae71fbada73befe2697176b8846c22a780b345370af5b40c6884fde58777c470d42d411655ac63ff00f14f242159f7b4e8fbaa2c4bf19f976

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2bd177ba3e30a5eb9189ba427e4162a5

SHA1
4c621175c705287aec5cb147dab961b2d2c628b0

SHA256
34846c7c34916dfcf00b9ce73bbec9ed1a641c0cef648308ed323f0f29d896e0

SHA512
edaa97e1ececfb5d033db1a6d2bd1730ae60f98f31fb673e9753de35de0e07d2269db64d095d44dbe48010a21e8a4e458cd8814938ee83cf9b57aba1bceee684

Download Submit