464ccac59565688f151c9c3708fb767ae507302c40b747f9aee8c897ff51e1d2

Analysis

max time kernel
147s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2024 08:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de17e4ea152e1fffe9d9914a0ce313d7_JaffaCakes118.html
Size

266KB
MD5

de17e4ea152e1fffe9d9914a0ce313d7
SHA1

433be943a0f71d83dd8a28691c0f668ad552b15a
SHA256

464ccac59565688f151c9c3708fb767ae507302c40b747f9aee8c897ff51e1d2
SHA512

215355b42d67fdd3efe1961bf230f98f4603fdcfcf63758539b12371b495591d11c9a924cd4937562f7ae359ab9d119c5f78cf9b53a3c3f5bf48c662e4c95bd2
SSDEEP

6144:N1uwJEJpQJMPB9ErL8wQvtK3pzOm/P/UWtBiuQiCHVptnTpyglfz4Va+tMZrFWjd:N1dJEJpQJMPB9ErL8wQvtopzOm/P/UWr

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2640	msedge.exe
2640	msedge.exe
3428	msedge.exe
3428	msedge.exe
2212	identity_helper.exe
2212	identity_helper.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3428 wrote to memory of 2972	3428	msedge.exe	83
PID 3428 wrote to memory of 2972	3428	msedge.exe	83
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 716	3428	msedge.exe	84
PID 3428 wrote to memory of 2640	3428	msedge.exe	85
PID 3428 wrote to memory of 2640	3428	msedge.exe	85
PID 3428 wrote to memory of 4848	3428	msedge.exe	86
PID 3428 wrote to memory of 4848	3428	msedge.exe	86
PID 3428 wrote to memory of 4848	3428	msedge.exe	86
PID 3428 wrote to memory of 4848	3428	msedge.exe	86
PID 3428 wrote to memory of 4848	3428	msedge.exe	86
PID 3428 wrote to memory of 4848	3428	msedge.exe	86
PID 3428 wrote to memory of 4848	3428	msedge.exe	86
PID 3428 wrote to memory of 4848	3428	msedge.exe	86
PID 3428 wrote to memory of 4848	3428	msedge.exe	86
PID 3428 wrote to memory of 4848	3428	msedge.exe	86
PID 3428 wrote to memory of 4848	3428	msedge.exe	86
PID 3428 wrote to memory of 4848	3428	msedge.exe	86
PID 3428 wrote to memory of 4848	3428	msedge.exe	86
PID 3428 wrote to memory of 4848	3428	msedge.exe	86
PID 3428 wrote to memory of 4848	3428	msedge.exe	86
PID 3428 wrote to memory of 4848	3428	msedge.exe	86
PID 3428 wrote to memory of 4848	3428	msedge.exe	86
PID 3428 wrote to memory of 4848	3428	msedge.exe	86
PID 3428 wrote to memory of 4848	3428	msedge.exe	86
PID 3428 wrote to memory of 4848	3428	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\de17e4ea152e1fffe9d9914a0ce313d7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb150c46f8,0x7ffb150c4708,0x7ffb150c4718
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,12808380228492926523,15550974344455078266,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,12808380228492926523,15550974344455078266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,12808380228492926523,15550974344455078266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12808380228492926523,15550974344455078266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12808380228492926523,15550974344455078266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12808380228492926523,15550974344455078266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12808380228492926523,15550974344455078266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12808380228492926523,15550974344455078266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12808380228492926523,15550974344455078266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,12808380228492926523,15550974344455078266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6836 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,12808380228492926523,15550974344455078266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12808380228492926523,15550974344455078266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12808380228492926523,15550974344455078266,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12808380228492926523,15550974344455078266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12808380228492926523,15550974344455078266,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,12808380228492926523,15550974344455078266,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4100 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1557c0e1-706c-4470-88b5-20839cb50301.tmp

Filesize
5KB

MD5
fc672af9df6b2a0fb52a20eecb74b08e

SHA1
8f9d4c57952491c317e3c3ecdc652b3e00a6f45b

SHA256
2a598a7775ee67f41c789bade207bab9d8297dce96691b80865c743700a53dd4

SHA512
a5ff9c5b0eddf93e4840dcf9f62f6bc17fb4b2ba17ea7049291772387d9cccf57007b5fbe31c0921e916ddc96320d40d1ec23f59b8ae3ad9eef47394c51fb2a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
45KB

MD5
aa6a698d1c7fc6d35265b10af5570e9c

SHA1
00da372ad4964a5d5b8afff7fe1b207ff284f232

SHA256
02f6ae7bda59fb1a20d3386021fb972ced348bf724fea42157225d416f9f049a

SHA512
f5b2f732e899cc0fed577e1ef1c51c154ede5d206543e8ac7c1fabb182901f8e93e137b63f12cbb87b3f570a283a368bfb1b9d637cc5b1c4f1669ff5cfbf306b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
c592fda3a5ea675b9af847d5d88723f1

SHA1
ef6e32fdbd42b54fc9f49cd9fa24ff3082f57aaa

SHA256
da035383ceb9b4a7baa7cad72900f2d0fd853214302f9c7c3d6e451af76c5244

SHA512
eadab98ce141c6772f4f36b34d62b1ede4d1427e0585e9267e47afc04d2b7ffcbe00745dea1478ccb421f6c3773f936097fdc4400cb9cd3347175b9a66a2dde6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
bae8a57595d47e33ab9130cb30aa164f

SHA1
0db97dd57e6889956f0257f987722656251cc5bd

SHA256
4071bdcc824dec38f3d2e94e9e85d815defe98574968b2604dacf7e72e7d6233

SHA512
b97bffb72557f31c59ad303d6690317700ad9e0c11e855c105c2cc43f6a36d4c052388dd32b586c40b66418abbc84891d1279aada3678b5661b16176017de44f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
6cf1d2e79ef4dcc3543acb67f1e6fa8e

SHA1
61cbf13063c0eb387090efeb36a6dd87452fa0f0

SHA256
aa35148bb8609ceb95262b228a1587b6f472f6d7f059240a141191eba87bb653

SHA512
f07aadb7ddc26f262d1a4375e0915451519481b7d778e2e754110e6ffdb4d88ec11691bf2c4acb7a6cb58261f6fe8839940ef030dfae1168886c1e089e743ab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0657778ca88ae6522d3a3ba0a3ebc946

SHA1
d4f5f96052c0d46194504aea889f45b2b40592f0

SHA256
b4547f41118188c0154aa26d09f1576e3bb287b25695fa8e692caddc02eac4fd

SHA512
a02e9943333ceeccaf39afa8471f611423549c0b265c2ecc192a32cc09bb679f166dedd768b156221048c3a1eca5955eb371a3432f393398a8da62f9487fcf6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f73db980fe1bc0752402d9dfaf4a9e1d

SHA1
1ea079fbdc5a22de16859fad6a1c48e85671abfb

SHA256
2fa73b3ec5418b13a18aeeac8fee2be072120dfb67e246d3f76015f696d8541b

SHA512
4e89f1f87909a3bc11b79ac883e3dc34e943ae651af952800b013669b41d76a1fecf622747f0759cbae39eea72609054e3d19c21dc0133b1dd40089079a905fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
128e05abe5d3b4af3e480f9c4e51cafb

SHA1
8dd8376f493e6de1c6495fab6d6d36dee63e3839

SHA256
3831e76a6a32e0af62a7ca09bc6dddd6c7f3fc9a362b023e2bdcb95b5762a38a

SHA512
fe86b6304afe77bd9c6ecc588cb10aa857d601bd905b10a37f8c7a08e66d8f11b8737fbc988e7b305fc1409fb56e9d0f3078c33c6300e2349c61bbc33596ed2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
8ff5f5e787847b2a19fdf32e6aeece0f

SHA1
7419fe5a090702620e5a43081cc8368a5dd43ca2

SHA256
13459a245bed3b1f71aac12a101470a899819d0c0e964024caa89d56dbfa0f0b

SHA512
bb1d6fea7837264aea9116a9feda1cf0e5a97633a69e00bef31a9182bfbc5dbf4732b470a4f41ea629796c745868df70876b8d80742ea9d2677e390482c30e95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
f27c1316e987fef96319faeecbfc0a2c

SHA1
99c1f4aba7dd6af98d5ba93ba6d8c1d9e1fa9bc1

SHA256
8ae9c60a234d4851e02bc04f66dddbbe0ac69927325632190dc6599ffc12b275

SHA512
e40229dab26c79a76c3ed9b92ad43df34c7c32e25e66d0d3a11412732256c6bdce69447d504e3fee7d8a77bc2b5354279a54736a4c15fb2a2a7c73eb99083052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580d78.TMP

Filesize
204B

MD5
30c2908c96c80279ef36c9ea0494d4b5

SHA1
6e32b388473d50f0aae21c12ea9ec652d38f9144

SHA256
a4c3b3fe6682ee60e0e7d53063ab0ed4f5408328c460010ceda29cfdef83346d

SHA512
cdb6225a8d886cd5ebf32e276a548e43a40600a0fecfb0dba2880f9dae61e1b3180ec7d673e6e85b3e518fc9c7d34ef5037792d516c22ca3fb55f2ef85d62b29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2de5d38539b35b15214ce167d02ac386

SHA1
7abf3ef31091a197ac24190d4116756f413a732d

SHA256
844d57d5b1b617aee56afb875199359c90110f5f7770e648157c1de42cf8a425

SHA512
eb4a0e81e1da406168c6abd640802d2d473872a7cc903312c305d4b8fdd8b7cc986d96f62a3e8ad5a27774c0d20c9037dbb668ee1e3c074a096ce0d75924256f

Download Submit