2fdf4306b3c7cb8bf10b55586fb68be25ba58437cd9c19683403068a39af5411

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 06:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eacbfeb9f20bb531a23cea04c38c3167_JaffaCakes118.html
Size

25KB
MD5

eacbfeb9f20bb531a23cea04c38c3167
SHA1

67c1ec4e7b06933c87b34f021042579cec51c5e3
SHA256

2fdf4306b3c7cb8bf10b55586fb68be25ba58437cd9c19683403068a39af5411
SHA512

3a27287104a0817d14c06a8d31fe30c4796bb3310076c4f4c271f4d5ec9d3e87293c49955f79d3bfef8d08c09780921cc37d4f0804485ab1eccb43a3ac553efe
SSDEEP

384:UMujOQOdJiIAV9tU72y66zppc2qlmHf0af09MCHSm4qVFLF0FW2rzhpepJO46g5A:HoOQOKfH/fVFLF0FW2rzhcDO4LW

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
540	msedge.exe
540	msedge.exe
2452	msedge.exe
2452	msedge.exe
2580	identity_helper.exe
2580	identity_helper.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 4276	2452	msedge.exe	82
PID 2452 wrote to memory of 4276	2452	msedge.exe	82
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 4800	2452	msedge.exe	83
PID 2452 wrote to memory of 540	2452	msedge.exe	84
PID 2452 wrote to memory of 540	2452	msedge.exe	84
PID 2452 wrote to memory of 1156	2452	msedge.exe	85
PID 2452 wrote to memory of 1156	2452	msedge.exe	85
PID 2452 wrote to memory of 1156	2452	msedge.exe	85
PID 2452 wrote to memory of 1156	2452	msedge.exe	85
PID 2452 wrote to memory of 1156	2452	msedge.exe	85
PID 2452 wrote to memory of 1156	2452	msedge.exe	85
PID 2452 wrote to memory of 1156	2452	msedge.exe	85
PID 2452 wrote to memory of 1156	2452	msedge.exe	85
PID 2452 wrote to memory of 1156	2452	msedge.exe	85
PID 2452 wrote to memory of 1156	2452	msedge.exe	85
PID 2452 wrote to memory of 1156	2452	msedge.exe	85
PID 2452 wrote to memory of 1156	2452	msedge.exe	85
PID 2452 wrote to memory of 1156	2452	msedge.exe	85
PID 2452 wrote to memory of 1156	2452	msedge.exe	85
PID 2452 wrote to memory of 1156	2452	msedge.exe	85
PID 2452 wrote to memory of 1156	2452	msedge.exe	85
PID 2452 wrote to memory of 1156	2452	msedge.exe	85
PID 2452 wrote to memory of 1156	2452	msedge.exe	85
PID 2452 wrote to memory of 1156	2452	msedge.exe	85
PID 2452 wrote to memory of 1156	2452	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eacbfeb9f20bb531a23cea04c38c3167_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fc5b46f8,0x7ff8fc5b4708,0x7ff8fc5b4718
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,14953118058989285722,1670935582005535575,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,14953118058989285722,1670935582005535575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,14953118058989285722,1670935582005535575,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14953118058989285722,1670935582005535575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14953118058989285722,1670935582005535575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14953118058989285722,1670935582005535575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14953118058989285722,1670935582005535575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,14953118058989285722,1670935582005535575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,14953118058989285722,1670935582005535575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14953118058989285722,1670935582005535575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14953118058989285722,1670935582005535575,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14953118058989285722,1670935582005535575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14953118058989285722,1670935582005535575,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,14953118058989285722,1670935582005535575,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5240 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
1dea872bf6355119daf2d50ef264f9a6

SHA1
0a66739cad6627665ccb5baf23b73b9854c33dd6

SHA256
00986cb84b9edc514c061a717e9d84074a45795eae75d536fae308ffd328ce80

SHA512
dcf08ef0b7d4a3c57507d2a0c9351cac80741305390ca8d5b343315af64c7a77bc756f39f0836a9a964837f32b19bb754110d1a9b11fc23b5ed74a2c9b915dd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
376e1be4fe881b23e8eaf8664ed236fb

SHA1
dd30a35d45b5bbee952b3be4f6549c58de3d6eb9

SHA256
e0fbc656871242b0acda9331a5f7e4b24cb8ff873d4e0fd96ff9d5e5ba8f9f17

SHA512
4eb0a370e353a03a67dc6a36f90c2d0cb307882298f8ba83beb599ae7e7c20745d672642ad6122d9f56a47dd3975e49f024a3655d8c37602738916ae560822f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
557ea2ff597cae8b3815eabb5ac028cd

SHA1
746a36b0738dec51ee0689320f00d3a2da9d7cb6

SHA256
a87a955d281c5c3f17dc658dd5b11146c39e97f2f4fc9b4466bd04d8b52aa780

SHA512
58622946684061b4bc783687ba096de76bdb9597f603dd6bfbe034490f81e1de89827a64188b2f7951394240381afa04af8cc45d887e79346e830e31a269b331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2b31119059d9a2f734775851c7afbcb5

SHA1
58c93e151b95d7115dce270496d539539c0567b6

SHA256
6a6be391bf1fb580155aa55aa9707ed7e1022fe67b47b285356fc293b20e1e89

SHA512
b7c3d8886938b4c2040e82e63a02b80720367de8f2e6994758f1ccf7249a8f14eb2f49175c596475d85832a6238a149d6e799eb69d47e2879072ddeed67054ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c6e60e3365c672a8ada2222f8ae12551

SHA1
31492950343f556f8d29563f922414c9708ac9c5

SHA256
a2614380becd380193731d65966dedb55f276f1c7c53188d5d144c4692c02983

SHA512
6360e1fe290dc71558df44ae3df070862097de8d606d05e891882d2986e3f1fc927666d212d091948f41190bcd7c7ace3b651d560900aa5cca81bf947a98c891

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
731a2536c8f90586997590c390d43bf5

SHA1
cea25e7ffe568e050d0698d8121ee82ec6a216c7

SHA256
fc851bab11d9c32ddd1aafee8bd4df2600a071bf76ef54df9ee71cf3f6cff48b

SHA512
27b80cdd1d5b11dd8ebde228532c5971cb6dcaf8aa6adc26721e0f7e4c69ae621d173cfd0723bbf857d89a8920ebe530e0b75d506ef5f7250d6ee8b632fd706d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
08612850e9d3a7e92501868e1f808ada

SHA1
819e99111818512139e051fe322c1784981855f2

SHA256
215e1cf32ab7896da429267354efef957a3984977d848dc42769a4eaf5d95a01

SHA512
aefad8d8c232a304c2b66c563ab402622f4448a76f2d7cbf71e085fa8ec66b091f7cb8794598902ebbcc8f082cc256cd745c3f5edba63d5c2c547a7925d54cc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6cf4fd208d0782db648d43e3610dda84

SHA1
1a115b391c3c63a7bbde573f9ad60f0c5fc4cc13

SHA256
4744b7ee66e433c14853783b606d13877ecc0204ab5fb66c363d94c4e09d56e4

SHA512
941448306678c9c4a17244c607ffec18b0415ca96d7c93ff0778ff3cc11352cec4decd2cb292642386034008fa97e099047cdc14ec7e86cc076c5b723620fc3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
8888a4cb7f45316dfe464174f0b70502

SHA1
cc50f6202cb60e9734cf73f11f1e92dee776bd51

SHA256
980bd3daf7e9ff09e0075d343113e40816aa1cb5e4c3239cb2e62f517544dc94

SHA512
064ca385077be21da8af28f76a90be23f99455e318d87ddc49245538a70e875542aa3e646ee4c83ade7ea73bdfcae170084617d9556f0d177caf82e2b214faaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
9baddd8df911d6030eac71a5e9ee5f58

SHA1
d83ac66ed77fe44051dc4907b49cd64f50205eca

SHA256
649ea06cf8c3f4e1ea07b4a87e584a96ed2c0f9aa5bf34eb3bafc6bc2f679ca6

SHA512
a42caeb286e9d7460ac1279612f784bf9156f8eef010baa6be79afb8605a1a3fb90082778c7a50683190f7b80bdf20b6e87f225a13e95cd1d30893d4bbae0cf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fbabf575256ab7344d76deb89a21c7ba

SHA1
bfc84a13baa9d8408d1897c554bc5075bf0b1988

SHA256
951e63eeaafec9b2f2c0494d6e85f0ff0e9c2662fab406fc9a99da8b42afdcc9

SHA512
8aaba0521008a661a36225fefbe528568bbdb622602a8d0f4e1154e426b8d9b5aafa6182d85901e255ffc9b839962e5e7e25e2ca11927f961cb8aae67301b889

Download Submit