fb403f37196bfaf58d1be83723ef59cde3b1d5fcbde07bfe720d9e96cf462d2c

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-10-2024 02:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54dea24f5e5fd8704ed68fef36c7e9a8_JaffaCakes118.html
Size

130KB
MD5

54dea24f5e5fd8704ed68fef36c7e9a8
SHA1

5ac4c0d57969548d6897ada018dc60f419c592af
SHA256

fb403f37196bfaf58d1be83723ef59cde3b1d5fcbde07bfe720d9e96cf462d2c
SHA512

8fc0d0ef05b1fd791b9f9d1e4106ddc56d3907a98580c3e79647bef9a5ff34cb0b7a1ea63cbbfcf61b71909cb2adbde04954c084f0583049be14bdfff3972814
SSDEEP

3072:SUOCWDxYxQ2PDxYxC2T/Z1swoEFrcoSeohzSNE7jfCqezSs32O:SUO1DxYxQ2PDxYxC2T/ZO0

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3332	msedge.exe
3332	msedge.exe
2648	msedge.exe
2648	msedge.exe
1432	identity_helper.exe
1432	identity_helper.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 1548	2648	msedge.exe	84
PID 2648 wrote to memory of 1548	2648	msedge.exe	84
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 1256	2648	msedge.exe	85
PID 2648 wrote to memory of 3332	2648	msedge.exe	86
PID 2648 wrote to memory of 3332	2648	msedge.exe	86
PID 2648 wrote to memory of 1800	2648	msedge.exe	87
PID 2648 wrote to memory of 1800	2648	msedge.exe	87
PID 2648 wrote to memory of 1800	2648	msedge.exe	87
PID 2648 wrote to memory of 1800	2648	msedge.exe	87
PID 2648 wrote to memory of 1800	2648	msedge.exe	87
PID 2648 wrote to memory of 1800	2648	msedge.exe	87
PID 2648 wrote to memory of 1800	2648	msedge.exe	87
PID 2648 wrote to memory of 1800	2648	msedge.exe	87
PID 2648 wrote to memory of 1800	2648	msedge.exe	87
PID 2648 wrote to memory of 1800	2648	msedge.exe	87
PID 2648 wrote to memory of 1800	2648	msedge.exe	87
PID 2648 wrote to memory of 1800	2648	msedge.exe	87
PID 2648 wrote to memory of 1800	2648	msedge.exe	87
PID 2648 wrote to memory of 1800	2648	msedge.exe	87
PID 2648 wrote to memory of 1800	2648	msedge.exe	87
PID 2648 wrote to memory of 1800	2648	msedge.exe	87
PID 2648 wrote to memory of 1800	2648	msedge.exe	87
PID 2648 wrote to memory of 1800	2648	msedge.exe	87
PID 2648 wrote to memory of 1800	2648	msedge.exe	87
PID 2648 wrote to memory of 1800	2648	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\54dea24f5e5fd8704ed68fef36c7e9a8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe16a46f8,0x7fffe16a4708,0x7fffe16a4718
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,6437542395618134490,13327380224227096609,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,6437542395618134490,13327380224227096609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,6437542395618134490,13327380224227096609,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6437542395618134490,13327380224227096609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6437542395618134490,13327380224227096609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6437542395618134490,13327380224227096609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6437542395618134490,13327380224227096609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6437542395618134490,13327380224227096609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6437542395618134490,13327380224227096609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6437542395618134490,13327380224227096609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,6437542395618134490,13327380224227096609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6996 /prefetch:8
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,6437542395618134490,13327380224227096609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6437542395618134490,13327380224227096609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6437542395618134490,13327380224227096609,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6437542395618134490,13327380224227096609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6437542395618134490,13327380224227096609,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,6437542395618134490,13327380224227096609,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4756 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
361254b7f2b793b45efac8b0b79e1b6b

SHA1
666a7251ccfb274dfbf33ec8e93ced5b88f7c380

SHA256
fbc95f88a3da8f66bb28359f908e53ee0cea63bd33415bf8804c5ea4d33647ee

SHA512
65386041f5ad5821ffe859dee72802da185dd6df68ed238d1b7a0fb44590ef8a0ad07e0de1c82bf7be5125e182edafccf071f7a2369f3327e6b9ef92753121b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b4f6d15b25741acae1ccc80e542bd50f

SHA1
45d9436415a9a3659af9c885be83a1dae432d1a0

SHA256
a8232e0bd5a7083b5873ce7a1edb1ba918838596dc588e75b286aa85c6529b10

SHA512
e622217245677e81a9f9c9ceefa8c4ecf52d6626c8bea30f6405448cd7d287de97ff73b79720114615e18d5174500f99ad74531fb710d6b124764f40141160a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
25721150a275d245cadfc62f590617d5

SHA1
ea2977d2d04439240e127f03781f50d2c59712b5

SHA256
d5ece072be1bbe491176d6f817c046f1308e4fd4cb9fbeec9ec2e4f21aab2297

SHA512
bf33121f6d7e177c527b5f90f82eb065f7a5790c8d9ce17af223df9a645d78f07feb7cae1f22dded94c9278b5a894a12254819efa22b16973409be1aab87d790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
660b9c648ba2340822fdc0f93b5d8081

SHA1
6bf1c57522fcedaaf7b1d0110279028d04d10f21

SHA256
2e8de146f07592a50c160d8c7ffdc02e268d36abd5367e37a817cc941935820d

SHA512
b7db25a7e265c111454d1cd89e15f22da376d56bad144063e8d5dc6276654eef659fa3bcd7a1a9466f67191c186fd04aeef5d83a903b6d3988c6274faf30d88d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f8737e3a081b9aedc08d2938b296baf0

SHA1
0370f2904903d708a11704681f21b3c55dcd2a61

SHA256
956f44bd751bc2e105239b6fcb348a2716c8a7a07c5dfadf79e943f2899565e3

SHA512
6996ebf244a7604543424b1bda3b9ef97bfd8980db35cf3a1f3772702839bf02b052195ddc5ed88707f2e0c6d866887b9473037d23ce796ce740e475bec36d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
369B

MD5
b33d68f81bb07be7f77d3225c0fe753e

SHA1
f5f9b156b0e972a70e900509224b166a28f88ca4

SHA256
19337162adf4ff23fa540ab797eb777edac1adf1b575f7085b2e82d07fb2676e

SHA512
8e8c23325dd5df1031941f37629aa15d12448f5041c785e5d294d71f1b4053b4be1b19b2d7d382889776cd81a52fdbfb021aa02e32ae21f24227f8682fb1f640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58afd3.TMP

Filesize
367B

MD5
79349b2dcca081ee575b159fc7aa01bd

SHA1
ea4a10fabff93c0a1869fb2f4d24b0cd1c0359ab

SHA256
16654a6cd5e1b2b5a594ec3a43f2924ecc550cfa9571c59e65b3cb670b686cc5

SHA512
e011bb8f05c24f975c736ccf05d222dfe0d7ab961c67ef516196783220ba78e7c3b79d32eaa7b78998cb41c814d362fe829b6c9a4a224e6af038262026e559ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e4bdc8722a292a641145391dee732359

SHA1
16f1894b353f692913cadd0606d32f8c74926842

SHA256
a27ef18aba39d5ff232475d4961aa21be5a21fc1714ac851d7c37ca865c75ed6

SHA512
3d53b19353d1f44adb5c280a5266a433264bbfb40cb7e7050a0a1ecfeba52de5a2eccd76e24490dcce40812f4ed085862071fa409dc13d8ab55b2a0068abeeb1

Download Submit