db1997f5864240522fdbf1252619be7d498be61f26aaa56f3bb3d8f79fcaba7a

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-10-2024 14:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2208bcc85952580394c0bc8b7a53487d_JaffaCakes118.html
Size

394KB
MD5

2208bcc85952580394c0bc8b7a53487d
SHA1

d61a6690ab7e3a110dc76313d4a763d04acfba78
SHA256

db1997f5864240522fdbf1252619be7d498be61f26aaa56f3bb3d8f79fcaba7a
SHA512

b05d2a8d8a3110c9b7bf426c37ad471f432540756207267c3998a08478043482442ca00b5718cc6526171f1fc5b0af7542780f6294c904610c77eaeb767d4f1e
SSDEEP

3072:OsW6WCiqYxDNvG8rmgcXmNRSz7bLer71BMn3/YBmGbeJPeabLLyeDNdTFzNzjd8O:2DAXmNR4adEW8XyeDNdTFzgY

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4796	msedge.exe
4796	msedge.exe
2724	msedge.exe
2724	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
548	identity_helper.exe
548	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2788	2724	msedge.exe	83
PID 2724 wrote to memory of 2788	2724	msedge.exe	83
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4212	2724	msedge.exe	85
PID 2724 wrote to memory of 4796	2724	msedge.exe	86
PID 2724 wrote to memory of 4796	2724	msedge.exe	86
PID 2724 wrote to memory of 888	2724	msedge.exe	87
PID 2724 wrote to memory of 888	2724	msedge.exe	87
PID 2724 wrote to memory of 888	2724	msedge.exe	87
PID 2724 wrote to memory of 888	2724	msedge.exe	87
PID 2724 wrote to memory of 888	2724	msedge.exe	87
PID 2724 wrote to memory of 888	2724	msedge.exe	87
PID 2724 wrote to memory of 888	2724	msedge.exe	87
PID 2724 wrote to memory of 888	2724	msedge.exe	87
PID 2724 wrote to memory of 888	2724	msedge.exe	87
PID 2724 wrote to memory of 888	2724	msedge.exe	87
PID 2724 wrote to memory of 888	2724	msedge.exe	87
PID 2724 wrote to memory of 888	2724	msedge.exe	87
PID 2724 wrote to memory of 888	2724	msedge.exe	87
PID 2724 wrote to memory of 888	2724	msedge.exe	87
PID 2724 wrote to memory of 888	2724	msedge.exe	87
PID 2724 wrote to memory of 888	2724	msedge.exe	87
PID 2724 wrote to memory of 888	2724	msedge.exe	87
PID 2724 wrote to memory of 888	2724	msedge.exe	87
PID 2724 wrote to memory of 888	2724	msedge.exe	87
PID 2724 wrote to memory of 888	2724	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2208bcc85952580394c0bc8b7a53487d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed0a346f8,0x7ffed0a34708,0x7ffed0a34718
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,7464389064145173830,3487765226885617217,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,7464389064145173830,3487765226885617217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,7464389064145173830,3487765226885617217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7464389064145173830,3487765226885617217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7464389064145173830,3487765226885617217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7464389064145173830,3487765226885617217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7464389064145173830,3487765226885617217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7464389064145173830,3487765226885617217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1752 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,7464389064145173830,3487765226885617217,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5976 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,7464389064145173830,3487765226885617217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6296 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,7464389064145173830,3487765226885617217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7464389064145173830,3487765226885617217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7464389064145173830,3487765226885617217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7464389064145173830,3487765226885617217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1524 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7464389064145173830,3487765226885617217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:4276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\126d3f0b-31bf-4c96-91d9-6f03c88997ab.tmp

Filesize
538B

MD5
0222d58d016ffcd74a7abfc5f48f49a5

SHA1
1569fa21392dfad8392dd4a65eb29630805c8233

SHA256
c5c7e514b4d500125f4fa9c9314e140fcf74b5ed4d72228e1268aca7e8001ac0

SHA512
401b71f1119ece121ba118f28357a21e99789be99ebdbb10a4dba84e680f2e4395d3afc78f5b50dfbcaaa7aaa424717ae0e7642ac2dff2fb7a4dbe4956b6606f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
23KB

MD5
8b41d9e82bfaf51825f94b0bc9facf25

SHA1
9f988a1b5c14425843d77bccca491b419f115816

SHA256
c0396130b9807c0b45615aefc58fd118f64899622a1a15e5ee6a88ae3516704e

SHA512
9d1caa1f3fea8e19eb0b8dd6c131665d826bbe85327757f4469b3e41c3c5dc77b5f3ae8bb2360a3979b5607933f7d5f7064abd1f196f7729e4ee90b23571c011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
b657711ffdf695bc165efb287f18f474

SHA1
c45a46176ccd4e9bf7382e3dbf7fa47a23586c41

SHA256
0e7df746449ac29a5651fedce20d77a1f49d51fab912f2b5bce3e3b91e488cdb

SHA512
e1e084615079362a0096c98bd41524450974051c05bbbdab88559d2f43fa05e6cbfe5db2b9cbc2f5abfaa882d3c97c3869744b121935436fc3ac9410532eba7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
e44385bbb5847f84d05d55562819c034

SHA1
79951460580b5dc2d148d31df0001908eb76680d

SHA256
0602cdefec526251554ab86b2c569910b4a625de490d810118ea4d208b826879

SHA512
03f2a684747210f2cade1fa79261e47c155c15fd27dd06f207c2a04da78659a163c2bdcede45bbe90b3220434b3710d5dfa9fbd60ee50120f5dfa02fabae7d0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3241a7bacffbf3f72b870d176264aaac

SHA1
e6129a993bc54047ec39b3c2990ec5f031f6a787

SHA256
790830a6764eff9c54085d80e2377b4d9895157d12e35b5d4f07980301f58803

SHA512
19efeda140a5e500176234f1ba1cccd0cfa3f9e514909fda7d31ac53e5abbcfe75be8039f295924d508d78e1389abd9f6d608f408d3590735d650fecb8ac67e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
377348e7ff0817ebcf8cd81562f396b9

SHA1
378f4a8dd5c36f5c98898616da95dd76df14d5dc

SHA256
f25b03cebf18af335f288b6f27ee5bfc37471de1949b3da7165c26f9c69642ef

SHA512
7474932c8c4b3e3de1b7a76cf5ae2d25efd7bc107e95e8b36c9689b2b250fdca097c24acd9ba291a202d190bbea6412f889198bb3a4e7afe547839dff7b6286f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9be8e8511b6518bfb0cec37c5b42359f

SHA1
76e09b4203d10ec3264181a1381be247eefec714

SHA256
b85c8bdf0a57c8dc65efffe0c1967690c8b96c2a4d09b37b360f7cfbba886550

SHA512
64051d9d3c6cb5c8edf03ee00c376bac2ffdc8417e9bf560b7d66efecb69de98c9985b76b305735e5606183c61a0915196d6454cb4282933e3b0ed029652055d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
84a63f5a8928b77bc6747b57c2e047a0

SHA1
8461a27300a18caf86bb7aab933018f0d4b699bd

SHA256
3478df59017ed6beb11c0a3b41c4b236f83b87998494cda1771de12d5d2f30d1

SHA512
156ff5376da146e96180f489ba3aad2255a966d037a5ab5793eb0035d9d4648d8d7105624a073919fa3ac2da6bfa3564895be73b996b1753d4da78bf1560c46c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17783cc525bb94a676a16bf5b49469cb

SHA1
8d660b5cc2ff16a80dd82856d23368c7855ca158

SHA256
e75f00ee98e71bef15ab5c10ed44c6c2f3ec4117ad963bc4b41568a090685d57

SHA512
552043a4a9286c7e9447d328b38c601f51c12a87c6da519260a7a7dac433fff2778e92073fba39a39abfa508dc1f4189d347a5089a594f9b89832219a6772371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
53c7cf0ddfaa22d22938d99db0431345

SHA1
d0f1e75280fe86654248d59e5c3cdd3708e30bc5

SHA256
dc04a7fd5fc5190be716c61b557404bc99b45ef8a15babd086c4f1f42e72898c

SHA512
bcd26273710a23418a28dd8e35c062fe018d7b09589d7f7ef8b8a4b83b877186bfd05b994d791bfb9cda43fdeac1645fa54bd2d7f1e931d59e0d3da8d4d29b9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
254cffe5cd48528aac1a805a5c53f0a5

SHA1
08813ff2195ba49370659ca1ced1301f9176518f

SHA256
d7ce3353ba7a6968bce07dbca8a91deb4d40fe3ebcde44b6ff7f6ea3904e2ae7

SHA512
da74478d2eeef05689f1a8d9c14b054c34a2d7b2e2e10c998ed0bf74ec7b24f19a138269a7b5db39c31c490cb44049b1a8e9cf880669ba48223a0fd44b0eadd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5804fc.TMP

Filesize
203B

MD5
76b50911bc2205e047d3192fc6d87a36

SHA1
fb050b3230f369831c37255ecc5c141a6a6d4a7f

SHA256
435f715a626c44edb62495ed3a3c38e97e1a01b22e24047ad4617778940db88e

SHA512
97b85f8e7eb716ec049f16d5602a76a85f0e0ba8f84d7fdc6e574167ee360a9fd9076e417b2e3a237693feff15159a59a198f8c383b80692fd796cbbefb30182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
013af6af98e6fbbda95af2697ec13983

SHA1
d6ab65ab37a6193b594756d3a9a1393866867d2d

SHA256
6a3c228df0c0618eb2faeb3228f92ccb5c8798cbeb937dbd54deb23fc41519ad

SHA512
a91027896e447a44b4afc5b1fdac1de8b8bdacd8316db794779a4829a754c6347f319d19f4f9982fde907bc24552d222de31e1c79ab8e69afb8c90713e62b2b1

Download Submit