95ee96388af3510c51a51e39f80a8a2a788258dab722792193e08c4995d94cad

Analysis

max time kernel
147s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2024 16:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c35b38303461317ca2779f4cd2d95fb8_JaffaCakes118.html
Size

312KB
MD5

c35b38303461317ca2779f4cd2d95fb8
SHA1

85f2858e5dbdf8b9aefd411db0d926301630910f
SHA256

95ee96388af3510c51a51e39f80a8a2a788258dab722792193e08c4995d94cad
SHA512

2d674f530fe85cebd47ca9f42e9b30f57100714ad2e6574edb339bc0617de60df085bbd44dc5882b2d410454f1696bead15cc1a0935441d3e851b06d9391a968
SSDEEP

3072:wcW6WCiqYxDNvG8rmgcXmNRSzleLer71BMn3/p2mGjQsRzsx+TIveVrn7RJvfy34:WDAXmNRDUoI

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
672	msedge.exe
672	msedge.exe
3292	msedge.exe
3292	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4800	identity_helper.exe
4800	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3292 wrote to memory of 2424	3292	msedge.exe	82
PID 3292 wrote to memory of 2424	3292	msedge.exe	82
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 3008	3292	msedge.exe	83
PID 3292 wrote to memory of 672	3292	msedge.exe	84
PID 3292 wrote to memory of 672	3292	msedge.exe	84
PID 3292 wrote to memory of 4780	3292	msedge.exe	85
PID 3292 wrote to memory of 4780	3292	msedge.exe	85
PID 3292 wrote to memory of 4780	3292	msedge.exe	85
PID 3292 wrote to memory of 4780	3292	msedge.exe	85
PID 3292 wrote to memory of 4780	3292	msedge.exe	85
PID 3292 wrote to memory of 4780	3292	msedge.exe	85
PID 3292 wrote to memory of 4780	3292	msedge.exe	85
PID 3292 wrote to memory of 4780	3292	msedge.exe	85
PID 3292 wrote to memory of 4780	3292	msedge.exe	85
PID 3292 wrote to memory of 4780	3292	msedge.exe	85
PID 3292 wrote to memory of 4780	3292	msedge.exe	85
PID 3292 wrote to memory of 4780	3292	msedge.exe	85
PID 3292 wrote to memory of 4780	3292	msedge.exe	85
PID 3292 wrote to memory of 4780	3292	msedge.exe	85
PID 3292 wrote to memory of 4780	3292	msedge.exe	85
PID 3292 wrote to memory of 4780	3292	msedge.exe	85
PID 3292 wrote to memory of 4780	3292	msedge.exe	85
PID 3292 wrote to memory of 4780	3292	msedge.exe	85
PID 3292 wrote to memory of 4780	3292	msedge.exe	85
PID 3292 wrote to memory of 4780	3292	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\c35b38303461317ca2779f4cd2d95fb8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe16a46f8,0x7fffe16a4708,0x7fffe16a4718
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7054130819170391866,13131306275890488585,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,7054130819170391866,13131306275890488585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,7054130819170391866,13131306275890488585,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7054130819170391866,13131306275890488585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7054130819170391866,13131306275890488585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7054130819170391866,13131306275890488585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7054130819170391866,13131306275890488585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7054130819170391866,13131306275890488585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7054130819170391866,13131306275890488585,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5964 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7054130819170391866,13131306275890488585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7054130819170391866,13131306275890488585,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7054130819170391866,13131306275890488585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6696 /prefetch:8
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7054130819170391866,13131306275890488585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7054130819170391866,13131306275890488585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7054130819170391866,13131306275890488585,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:4880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
23KB

MD5
abc48fd7cd6c006eb9f9c5719748c9ec

SHA1
1bfee875209e5a39e65213bd25322becf223d1c3

SHA256
862e5db88bc456d003eeb9ecef6021b12a7313427596ba87eb4771020c658f93

SHA512
62d9cd90cef344841d5f5acde94583c36d8541bfb6a61e72b6152d2054770ca3e056d702dc01fe7889a136972a12ce92057d84b9e9082903504cce730ef64594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
20KB

MD5
4b3121a05808b99aa6e0cc12924f77db

SHA1
ee5805bb76c384d1e1667aea2976bd2f4f94c7cc

SHA256
e4fea32bac89d9ad34b13a25b0b4da1321920b2c6be2cabb75ff91bf6109152c

SHA512
9b83d55691b41d2a45a542d163c1b6a47208969720ec1fd15233f29ddcef2243e79895cfcb008767f91b3d1cf3a6288248e8b1ec50027eb96db04cde56cb2605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
e29cfada3b8d888ec4abb25631488f31

SHA1
a084b8bf40db49e9f99bbe3e847d6cc1f6dd4a7f

SHA256
3b0a2536e1bb2f91376d204feb9906c0e1d28b2f6527f23199454d248e884e63

SHA512
fddfa14a689be405f83f781a9af9f7c8f685401cdda3ded33632df2fb80b9b9f1307db32385950a717da36b4e829cda8a625ab0c7dcb1ab5ad51fccddb365a12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
9f75a00d247e37d65a82eafd46cd950e

SHA1
9249e048f381b8fe7f24a1b705847b270dae8c8e

SHA256
61edbbb030490d6e9e7bf1076e26a9b71c2ab8344a28ad9bcbbb0c5790449aad

SHA512
2322523425fff0bf71a91160fa7c977f28f7bb168031da189578caa1cb0cfe03eec71fc887403920b64275f2fe17d8101f8cb096bf2cf0266ea1a9d716b4400c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3253cc6cb6e240e3d8e54070841a5486

SHA1
87b30aaed980e38a9c2b51a5339d87a60aa401ec

SHA256
ba261d8f4112ce321870cdf4bf6e2c0b1ea7a2c2d76371c77ebfcec80c87241a

SHA512
fe5ca1a9d195f6350e923d8679f569fad45842a13531f051c39fe85a2b677d106aef42603f377652307e6b7521cab82adf51bdade3376e587b9e92253f8540f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9214cc0bf7dbc98cea9277f618dfd804

SHA1
1be2818c11877bf94238c6b7d37c79be33578029

SHA256
0284535e855d4f1c00068d225ae915df6609b141125d5a539355edf598c79aa4

SHA512
3ca970fcd4bc305227df8d2a42472cafeb00ec0895c174f265be2b4d29ad1876cf081adce51d7af9fe23041786a7379a138fb11da4c5d174e905104dc11996fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fd6ea9afb0a7158163391a4ea3421b55

SHA1
67f44df666547a411a2dbef8b7578ddca3ba0868

SHA256
7ba3a3969a3dce13cf112d52fbcf53d5f28300229e80ec00a4005100f3b67a1c

SHA512
e02435a2da2b22b4d4e1a1019f87d0f34963a6cf074708b82bb04127850237bbbb86ea1c4d5ef037d746abcdc5fc3f5923194c892d0ca8e593c69b48210a6d2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c876520f3a902ba739ea5532fc74b1e4

SHA1
00fe6914999f603a0d8bc7af02fdbad41ab6f3d1

SHA256
5ab59b653a1f6bed92d945be78b12a0b313bd4775b1c3636d70fe60abd8f7250

SHA512
bb603c74f346753e1c335790e105c2655349ccfebd009f5cb5f116c9dfe4db4eb69442a9dc875ccac2ad11c8dd862f6adc796840203cc8c10f0413fe48612de3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
d585444cc17b6243e3a2d92a6d559559

SHA1
d164cfafc43832cd07a59ef1dbdae62e607bfa50

SHA256
f32eacfdba5cda906e9a9cc8b2a7e1bd750516ce7f15c609f3212cd6a7131217

SHA512
baf003d04350b60fd2ee0d11c4c492f0035e82074516735045a320f3b1814a5e3ea7991ba92135dd8c9f4c36f4e9dd56ea1b327cecf6fc0c94ac902a4e3da26d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5b80a230cbbc0202251383cab874ae37

SHA1
c221165b18fde38f8af013dcacdb6864704ee5d0

SHA256
e0fb76c9b8fb964745aba00f6923e11c6ca3695d70511c7aa7d6e95ce8301bcf

SHA512
d5dbd1e326eeeb95f8e1cc5293be584a8ce760d591255fa94367e5e365be40037b85c8238ba33cb031e3d1296b3eb4b95a677b55fc631657260951c7248229f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
ec9a6fcac2d49cfa1c2169af097b1560

SHA1
a74b8f46112256d411baedb9faecbec494b338c0

SHA256
865b4f87d6199030fb9285115ea4a698e1884c5f6f783a7b0845483561d4f43c

SHA512
c5934ec7bfd311de476af37a39ac56350be9f76fe900fdbb3470850426b4556548c2eb44e39cc94a91fa3b0200a61701a3a2faae06d8665244def8899dc02c51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58430f.TMP

Filesize
370B

MD5
adc4567cc49f466e4c59cbd454c4be2a

SHA1
d081f7598fc81349b96cbebf0bdb02eb3ff447c0

SHA256
caac8146d3a23fe44f78b63982a25ec6ace03a4e83322ffacce6cde074d49102

SHA512
e9a919ad9e847f1d1d86cabdd46ba99c0e670132523a8a6969c97d55727070a5207c068836aecdd2f88888770dbe03eb961295083a921cca0b3148f95ff5318f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
532283411ee52e5f66cc6465b0f93948

SHA1
beabaab0b4878137c0cbf8548a05e5b3f2f5256b

SHA256
37b44d19858b704d7b4363904379c55b7b44384f0768c4206319f29b597ab9d0

SHA512
f771856b6419faa52d9f42cd13330a0e51b16ec3f5d19cdf5d636ae809b86449194ba4b176a811489ea7412350b810771cbe37e5ccb921091b63cec4e1b6fdc7

Download Submit