966b0032c6e276885ca6b873b4076683bfcdd15893b586cb286ed0b8e38629cf

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-10-2024 04:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68ee9c58fe6276dbefee5366df296278_JaffaCakes118.html
Size

125KB
MD5

68ee9c58fe6276dbefee5366df296278
SHA1

6aea53e896033472ce10d008622270f67d2f2559
SHA256

966b0032c6e276885ca6b873b4076683bfcdd15893b586cb286ed0b8e38629cf
SHA512

0735f38e54d8be90db6188cb64fbddf9db02920363dafd908b211aec632690f44984dad7d14962d28f4a3258c42c017633e076dd3f3a83f058950b7f5f406186
SSDEEP

3072:pUnCWDxYxQ2PDxYxC2T/Z1sEoEZNisSefhENE/jzCqezqn3CO:pUn1DxYxQ2PDxYxC2T/Zq+T

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1756	msedge.exe
1756	msedge.exe
4832	msedge.exe
4832	msedge.exe
3572	identity_helper.exe
3572	identity_helper.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4832 wrote to memory of 3168	4832	msedge.exe	84
PID 4832 wrote to memory of 3168	4832	msedge.exe	84
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 2348	4832	msedge.exe	85
PID 4832 wrote to memory of 1756	4832	msedge.exe	86
PID 4832 wrote to memory of 1756	4832	msedge.exe	86
PID 4832 wrote to memory of 2276	4832	msedge.exe	87
PID 4832 wrote to memory of 2276	4832	msedge.exe	87
PID 4832 wrote to memory of 2276	4832	msedge.exe	87
PID 4832 wrote to memory of 2276	4832	msedge.exe	87
PID 4832 wrote to memory of 2276	4832	msedge.exe	87
PID 4832 wrote to memory of 2276	4832	msedge.exe	87
PID 4832 wrote to memory of 2276	4832	msedge.exe	87
PID 4832 wrote to memory of 2276	4832	msedge.exe	87
PID 4832 wrote to memory of 2276	4832	msedge.exe	87
PID 4832 wrote to memory of 2276	4832	msedge.exe	87
PID 4832 wrote to memory of 2276	4832	msedge.exe	87
PID 4832 wrote to memory of 2276	4832	msedge.exe	87
PID 4832 wrote to memory of 2276	4832	msedge.exe	87
PID 4832 wrote to memory of 2276	4832	msedge.exe	87
PID 4832 wrote to memory of 2276	4832	msedge.exe	87
PID 4832 wrote to memory of 2276	4832	msedge.exe	87
PID 4832 wrote to memory of 2276	4832	msedge.exe	87
PID 4832 wrote to memory of 2276	4832	msedge.exe	87
PID 4832 wrote to memory of 2276	4832	msedge.exe	87
PID 4832 wrote to memory of 2276	4832	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\68ee9c58fe6276dbefee5366df296278_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecc0146f8,0x7ffecc014708,0x7ffecc014718
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17943083512620591659,18231392337236290276,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,17943083512620591659,18231392337236290276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,17943083512620591659,18231392337236290276,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17943083512620591659,18231392337236290276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17943083512620591659,18231392337236290276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17943083512620591659,18231392337236290276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17943083512620591659,18231392337236290276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17943083512620591659,18231392337236290276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17943083512620591659,18231392337236290276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17943083512620591659,18231392337236290276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17943083512620591659,18231392337236290276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7040 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17943083512620591659,18231392337236290276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17943083512620591659,18231392337236290276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17943083512620591659,18231392337236290276,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17943083512620591659,18231392337236290276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17943083512620591659,18231392337236290276,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2852 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17943083512620591659,18231392337236290276,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4812 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\019c9905-d374-4cdf-a1f4-2b349a135a86.tmp

Filesize
5KB

MD5
aff269eff0b37f9284b9c99157a67dd7

SHA1
0c00579a8d318a7f2a808a23a270856318437efe

SHA256
e10d6f6d9ab495c2221255a23f601817516312a09005c1375819f3acdde1994b

SHA512
23cc86b6d1d7b6807c78bf63b294de711dd506539d5eff2f66f88334bdd9a8d596ffb3db6babf179521de176c942b858827a9d7fc2e6fcf503681f4a772e96bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
2d8b3241e5f7710bc56fc38fecf1c933

SHA1
e0a65b6aa3b2582361830bc03e5971b09328f377

SHA256
25593ee25ba9106b5bec03c80ade95c587e19ee7b16ddc70abf328a0191b2fd0

SHA512
f6cdab8b745dece3d619b52297602f70ca3a2c2a2020a67ae200e1896e4ecc00ce86e00a2f53e2641e7679ad8d3551c3cc93577245700dd5f8bf95e5eb2056ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7e8f9f82aa04570c6fd67bc318e77cd3

SHA1
0f733de0339bf9ae45845ea686781745665f1ff6

SHA256
8e066a4edfbc5777e8be934342dd00fbcb78c247599dacf19ea6cd253849be72

SHA512
dde30522e0aa6b9a3ed919a9aee07799dd08528f4ec81813fcb16afe26b135a97f30976b3eed7143673bd92b36aaf6fb4fdd4e34e87a8a57442289626fcc7b6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
729c480049480f14d0dc847f49913c82

SHA1
048e316f2768f6dab5990c64b1a40ccceb65bbcf

SHA256
5cf231071684ad49fd173fdb1c1dad6592dd2d83f34c4bcf00ee38f178a51d36

SHA512
26b3929139cb2361d7cf7e64f56ca9e86b2288b7fa4cd28b3e2c31dc0cfe87a26c65206755ba14b4b5fabc9766031b7e343cb222b5108fb0c7ff3c5af45fc458

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e37967233543367ce2edb9338d5de06f

SHA1
8f1da09ded2853f2ad73f33b1506ea3513a1cea1

SHA256
7f54f0f8d92b6064351f00a3ee816d6d8750daf3c8d5b969060f2ddc16237c45

SHA512
5f1504f2e47aea8764d6e7278eb0412f6c4adac2e40ce0062e9ba074c556a677acff7f4ad74952b5d908fc4fa1fd82b9ccc7930de790c26356bbb23fffab124b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
369B

MD5
6d73cd35b75b5009282941f816863fc1

SHA1
de56296ff34653db77f783831485eb5f9dd2b5e4

SHA256
20d2ba32469d8d0de734629bd7c88dee6dc0169d7716c55231a22d71a9f4d82c

SHA512
eb54196f1ddb1f46427064ccf47352a37bb1ef90479fc1fe72ba4b7e306fc440976cc3b73511fdca7066f4dc26bb6a01589843854185989cc62e13331948a34e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583f27.TMP

Filesize
371B

MD5
569b1ff273174e3beab635dd25c8d981

SHA1
4e0b19007dff67f1e4b420f360c3b81a075616de

SHA256
3b3a3380fb0fa7365ea5d3241f9c75e39a59b2dc1a3d849bdb84ee8d7a12e14d

SHA512
6c0ac1b7a0f70565a47cf506358aacded46e384f51fa944788ba3ad7b3752d53400995ecfcd4f8d0c30fd021545412c5ae206ac68d85d2fcc24f6de91648ad5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
79100e3bc8a31dd1108bd4cfef6620d9

SHA1
c783480b8cb2c80108ee57585bd4313c409e4b83

SHA256
4a99fb56a8b590c11f045e75dbd7b95e733cb220e84806e2717c58dd39f0a0bf

SHA512
9ceff3854d06231a963a93fb139c18250bc8839dff85da679d89647940a873e5ff8b670976b0800b4e21e09a1b62b616e5a9b7e6dc1a290d0332b59fa805b6b2

Download Submit