b8410f9b4e731a49472bb4e6810409b043883d450e65f7b362b9ad507665060f

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2024, 00:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d06f2127ccfdca9142a156ba113327c_JaffaCakes118.html
Size

57KB
MD5

0d06f2127ccfdca9142a156ba113327c
SHA1

3894b1fd379eaca51abd6a922f9f330d20a5310d
SHA256

b8410f9b4e731a49472bb4e6810409b043883d450e65f7b362b9ad507665060f
SHA512

936a3cf7b1e424e1ece7d449c58d0107531c072cf64f37444efdf789cf1996cf3a65cf1f277bd1658fc786a7d1d5d1013caeca4f1e88a159a7bf19fb984c7856
SSDEEP

1536:ijEQvK8OPHdsA1o2vgyHJv0owbd6zKD6CDK2RVro5BwpDK2RVy:ijnOPHdsR2vgyHJutDK2RVro5BwpDK2m

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1612	msedge.exe
1612	msedge.exe
4876	msedge.exe
4876	msedge.exe
1120	identity_helper.exe
1120	identity_helper.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4876 wrote to memory of 1124	4876	msedge.exe	82
PID 4876 wrote to memory of 1124	4876	msedge.exe	82
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 2156	4876	msedge.exe	83
PID 4876 wrote to memory of 1612	4876	msedge.exe	84
PID 4876 wrote to memory of 1612	4876	msedge.exe	84
PID 4876 wrote to memory of 1052	4876	msedge.exe	85
PID 4876 wrote to memory of 1052	4876	msedge.exe	85
PID 4876 wrote to memory of 1052	4876	msedge.exe	85
PID 4876 wrote to memory of 1052	4876	msedge.exe	85
PID 4876 wrote to memory of 1052	4876	msedge.exe	85
PID 4876 wrote to memory of 1052	4876	msedge.exe	85
PID 4876 wrote to memory of 1052	4876	msedge.exe	85
PID 4876 wrote to memory of 1052	4876	msedge.exe	85
PID 4876 wrote to memory of 1052	4876	msedge.exe	85
PID 4876 wrote to memory of 1052	4876	msedge.exe	85
PID 4876 wrote to memory of 1052	4876	msedge.exe	85
PID 4876 wrote to memory of 1052	4876	msedge.exe	85
PID 4876 wrote to memory of 1052	4876	msedge.exe	85
PID 4876 wrote to memory of 1052	4876	msedge.exe	85
PID 4876 wrote to memory of 1052	4876	msedge.exe	85
PID 4876 wrote to memory of 1052	4876	msedge.exe	85
PID 4876 wrote to memory of 1052	4876	msedge.exe	85
PID 4876 wrote to memory of 1052	4876	msedge.exe	85
PID 4876 wrote to memory of 1052	4876	msedge.exe	85
PID 4876 wrote to memory of 1052	4876	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0d06f2127ccfdca9142a156ba113327c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed10146f8,0x7ffed1014708,0x7ffed1014718
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,7520116178681801070,4879194667378681897,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,7520116178681801070,4879194667378681897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,7520116178681801070,4879194667378681897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7520116178681801070,4879194667378681897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7520116178681801070,4879194667378681897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7520116178681801070,4879194667378681897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7520116178681801070,4879194667378681897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7520116178681801070,4879194667378681897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7520116178681801070,4879194667378681897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2656 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,7520116178681801070,4879194667378681897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,7520116178681801070,4879194667378681897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7520116178681801070,4879194667378681897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7520116178681801070,4879194667378681897,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7520116178681801070,4879194667378681897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7520116178681801070,4879194667378681897,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,7520116178681801070,4879194667378681897,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5168 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
f059d6f1202161d7e89b3fd1df29de89

SHA1
3195166e8f74262711be00e64d781173b3d93ecf

SHA256
13dcbfb27a81206dfdf59e51737da8e3c6118663033d3c03bf747d253e30e9f8

SHA512
6b1b6c75ab409a45735c5a226357fcec6b07f10b73cf2c14403c21fa2f54fe33790ecefffa818d31c7d1223dd2c435cb6dcea2bdabd46e86c518dc983d0c0716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f847e3de83e887a7d9c9f2e652a92726

SHA1
63f349fce811b57d1d0ccca977e3c8c1e5b46c0a

SHA256
e028e6b112a0584fcf56c7c4e292e95e39bf78f780d216a3dd9ee42d0d78a069

SHA512
e7ffadc1145de8765d0d758cb3007ed5dc8bae74c7ac6224e91ff3206bc84e532020c0a61bab43774bd6b4506bf75a7451c76fd3aaf855927e7c469ca54ba3f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
70f0ff2118c133e83d2c21314f9f0a54

SHA1
9f04ecb1ec5fe1268dc58a7b8c93ef3505e5db46

SHA256
be249ae7646cc8a1146419156a31f6d623ce8c5c4d0fb387cff465d233902905

SHA512
829f076083f43e212143bb85626b77281966445856cbb5bc2b77b0528d483037c781bf52a9710bab29424328b8a950f2ffef87ac18619a3b8305f9854f1fe1e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
303d1b8df7e6838448a54d93d6ed343b

SHA1
d6865bb7028998bc7e87e259644406e6427c1806

SHA256
db205724c6c42451e2cb84c00a63bc2ed4a9406d2614462fe5df9f07285c5a69

SHA512
f707056508fc3315513bbfd6fca281bc4a3678d8bdfd1d202e9920f014e562d9288b57c8118b2373555487dae0f78cdac152a2b0e19f06ca09df20bec94ec19e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
99098c2cfc79ff889aba68f863541966

SHA1
ec9a5ba7d1ff0cd669e29a795340e3a31a4aa4e3

SHA256
8506f0166a99725db2508412131e57a5d7db881c5093b868d8138f9c2f8c51fc

SHA512
03d64a1673b5e80aba69ede535c6984c4496ba20c91a89aa196ac54d73045aa6f6876949a45aaf8abcb40fa288d459d47e7e1ae8acb553dffa792f4c1fc69dd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
66d6c34bbb20a3966f4bf4baecc2363a

SHA1
9881e6866320ea2f6b205407c6578aefa95e0d36

SHA256
13276580cfca8adc1ee94e4643519e725ea80b1eb2c822dd6e6d5979a71eb4ed

SHA512
9f7a64dadd24307a1b1675fce7e569d80d048bc5f98425f1add2ade5937ac8c16f529572acc190e5e0b784b5a072de9540d5ecbee20674709fae961530f7b099

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
698B

MD5
0a1dca755bdb1522d71db0aeed4a978b

SHA1
5f23cb0f15bf4ebc172a6ce3397b541f075dca8d

SHA256
917567442bfcd992ec5cef2851420d81bcd2723bb0b41840fa54424ce8a2847c

SHA512
f46e3de3c2703ca8d5e7009a3912d45502e33430aa6da4cc55bbdc7dde7b55db76bb1e66f62e080b660271fbd198e934444862fe8425494c2c8efbdb84f48a7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
863B

MD5
1e3e2967b301c4660cefc1424b09a064

SHA1
9291854ab599e98c423a80d0a94dfc9b5fe4c85a

SHA256
703b7cf7e911d349694e369aeb2174d02f8c69318b0ce8268d5d7d710037b197

SHA512
c90c061638465636fc0509531f2f31e7918cacdc7ee585727991c98a9e7681b4674b76c8693651246185a57d78a73d98ab9fd85f432e7541d8744dbb04e230ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584002.TMP

Filesize
702B

MD5
cc3ef5bf61954f3c9f193a1fe8bcdc4d

SHA1
4667be0f26a91ae709d61004ea1e0802daecb7e4

SHA256
882651844cf3b427821d0ab4990300e2532a48522d4c8316cd07faf3b58891a8

SHA512
05290a6f68d99f4160a2689342bf2692971df0b38467a1013655a8309601726b3bd940cc9359293e2e0fe1bb91067cb42e238dfec796de9653ea9c96501174d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c8b13d1a8ea18f7f672388fedd8a731b

SHA1
f8c1c12aea5055961cc1f72483835842e02e2fb6

SHA256
006deb1cc243ecbd973880c16023c78859a294c36c4b5a7f6756f678442dea54

SHA512
71f47a1419bd1a80d80df75d2f8b76c1f8f82fc4007c2ca3d8ada58aa8618b0e5081521fc90f0481e69d3f548c4770302901a66a8bed50b3caed409ce70de985

Download Submit