056b44af4de27a11830ac8b03fcc44993461d4b1ee919d8ddabc81961aea786d

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 06:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04c2a70c10d641ebc5fc85b6f81088f2_JaffaCakes118.html
Size

54KB
MD5

04c2a70c10d641ebc5fc85b6f81088f2
SHA1

87930681e2ebfd8cecdd4d73d0de82c7a0576bf6
SHA256

056b44af4de27a11830ac8b03fcc44993461d4b1ee919d8ddabc81961aea786d
SHA512

b3ad350f7fea4baec9a1d8f4a605b7887ffd62939b64ffc0a6874f8a48ecea9f81b79feb578ba05de45805368f6f51b2d8a3016c0f04eb196035ffcb9c29aa2f
SSDEEP

1536:SEtG+ARMICs2yMOyyAW4mNfnN2FfrjmJxc0aKBGyDGbgPEaH:SEtG+ARMICs2yM2AuMrjux4KB/GbuH

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1900	msedge.exe
1900	msedge.exe
1748	msedge.exe
1748	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2404	identity_helper.exe
2404	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 116	1748	msedge.exe	84
PID 1748 wrote to memory of 116	1748	msedge.exe	84
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 3460	1748	msedge.exe	85
PID 1748 wrote to memory of 1900	1748	msedge.exe	86
PID 1748 wrote to memory of 1900	1748	msedge.exe	86
PID 1748 wrote to memory of 3288	1748	msedge.exe	87
PID 1748 wrote to memory of 3288	1748	msedge.exe	87
PID 1748 wrote to memory of 3288	1748	msedge.exe	87
PID 1748 wrote to memory of 3288	1748	msedge.exe	87
PID 1748 wrote to memory of 3288	1748	msedge.exe	87
PID 1748 wrote to memory of 3288	1748	msedge.exe	87
PID 1748 wrote to memory of 3288	1748	msedge.exe	87
PID 1748 wrote to memory of 3288	1748	msedge.exe	87
PID 1748 wrote to memory of 3288	1748	msedge.exe	87
PID 1748 wrote to memory of 3288	1748	msedge.exe	87
PID 1748 wrote to memory of 3288	1748	msedge.exe	87
PID 1748 wrote to memory of 3288	1748	msedge.exe	87
PID 1748 wrote to memory of 3288	1748	msedge.exe	87
PID 1748 wrote to memory of 3288	1748	msedge.exe	87
PID 1748 wrote to memory of 3288	1748	msedge.exe	87
PID 1748 wrote to memory of 3288	1748	msedge.exe	87
PID 1748 wrote to memory of 3288	1748	msedge.exe	87
PID 1748 wrote to memory of 3288	1748	msedge.exe	87
PID 1748 wrote to memory of 3288	1748	msedge.exe	87
PID 1748 wrote to memory of 3288	1748	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\04c2a70c10d641ebc5fc85b6f81088f2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9902475872713920375,9045522600752525342,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,9902475872713920375,9045522600752525342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,9902475872713920375,9045522600752525342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9902475872713920375,9045522600752525342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9902475872713920375,9045522600752525342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9902475872713920375,9045522600752525342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9902475872713920375,9045522600752525342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9902475872713920375,9045522600752525342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9902475872713920375,9045522600752525342,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5228 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9902475872713920375,9045522600752525342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9902475872713920375,9045522600752525342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9902475872713920375,9045522600752525342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9902475872713920375,9045522600752525342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9902475872713920375,9045522600752525342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9902475872713920375,9045522600752525342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
4e108603177a6e528aa2bcdd4c53b062

SHA1
40a8e6a18ca9ec61a5065dc86e3aaad88aa6452d

SHA256
5f701ddbb5bd62314176363d5802d8ff2275b7af075d4339ca4090a54f099860

SHA512
665d2458b2ff7684daff69ddaf5ac4efd8bbb6f64e604119b53cab3f79c8aa471a661d5e0355fba89390f2416f57e547fb4ceacc6b223b1956a70d4032b8e257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
06b053870aeafb9626a3b5811ccd994a

SHA1
d88305e47ea47e234be3659546db33e5bfae8717

SHA256
c3fdeb105b90eacca573ba56b3c14fa5a8690400884388cc0c789d20b9a4cd42

SHA512
f2b890bd469f7f2cbeebe1e3aa1c6ae5aa01d73e21b60a55cff405ee4bc236ab8d1d494b555772b2ec1370f5b508b1aa6edbaf30024df01910e28b4c40b66627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c60c9a3c8df5df960bf6bd4c4cf2faae

SHA1
f9b131a7ae8f7591ddde58c71ad7df89a844ec60

SHA256
0de8f04d2cc4fa793d6a406fac03035e018d489b6bfd075df7383bc8b6344e3a

SHA512
4fbb9a3dde7d00aa2555dc1bec77fa4f0a58574e58e29d492c7c1062eba3a0b2e201434665bbdc35b6738a7d268323b5e9602d1371d72c8d237ab60828fdfa86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7d5530a47774e584c65833e2f58e65dd

SHA1
10fd8706246f71d746a75b4617f69416c5f80204

SHA256
9dc32f0c218e129334024c2381db77e6f71e6825a26a3c655aecac0cd42d88f8

SHA512
018fb99fbf8601f935db1d46fa23816ff689244da9c34ae489145f0107d0781eaf58c338aa1b0023d7c9cd2be0b5a404935a8ad6d421dba66b13f9edd104e405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
919af5e5cad10bcda404d79ccd9a9bfc

SHA1
b57e7673363776f9eccb739bcba75c54c95423ab

SHA256
bf727e1356e4c520c24808c2e955dacd4e6389d0a5b57b27808659579e28d245

SHA512
d2ca7e648642733da7bbd67637810c0e0bffce7a431f19f04ab50df33e1526b48f069ddfc9fc424136aa072a3f956e0c59a2b2d33219f39642264ef47230486e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ddd5698cc47f56c93f5c90071fdbb652

SHA1
e11bf75b535b93ed78640481f4d7c635a476d46b

SHA256
c9079afdef84d072f9a630d0b88bd15d19877bf582d36f39bbc0ce165b416863

SHA512
dd69c32b32f42406fd750250dcd22c299e20463c0e66672353d2bf1a24121b1f769e2b4d1482de45fb5ff7417f1e60363feab8774770a79f229dcdcb05246d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
8448a370dfd31a5cf02c66b272cd9ac7

SHA1
6ea51406a01fdeba11358dfcb9139b71335dee03

SHA256
46fb1e04087e840c2133a451b6f012d70613be232648ac1e226e4ec64d1c91ec

SHA512
55b4c0cba1f2d048401ecda84d1ea72bad5ae5347a78e726291b8458c33a3e00370ddcaead2cc01afa67ca8ed3d7caba3ebc6cfb1a90c25dbada20f51b2d0aa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
87fb4005275d20d7d153bf8672df370e

SHA1
dd1e463e6faad34b9ae19adc630ca1b883d86dce

SHA256
8d58f671e9c7a539305c2a508917220b1db934c79a7828835485ba23c35a4442

SHA512
ed1b7fd5dfb4f825ce5810dc1975215ae19d6dac3eb8fa15283fd580009f1abc621587996af31d5977972f334fbbc2e56be7894bc1347242beae0713d7b1b86b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58f1be.TMP

Filesize
203B

MD5
0d1a032ccb17384657132f3bda7c6581

SHA1
818ee56c9d1f171de8d5c0c41ece16fb2e2f0a11

SHA256
85a2753f73cbe31e1fbe0c26a3b2387e7895cf9ca1febba62561aa8652731a34

SHA512
543d9100a0b7a563ce4a6017b33aefac2cdb66fde3c1ac4057e79a8471544ea5ed0e69f6740833b7341282996c79fa4038df4387fdb46ccd664cdb1ee3d0bfff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
342239f1a304a4163bf770be3f1324ed

SHA1
ad5a756f5fd75653329ee5e8f63789bec3768c39

SHA256
dd3339a337ffac99d430a33fcf2c27468e719dd8b0fd89f0d04a2e8f802c2369

SHA512
2d8e77bf3f7a2eb372628af020e74ed115254b10a36804dac523574c430430196b95b080ea77dc67215f3c58a0a73e07093522fe1fac80d837c16380c38f656b

Download Submit