b418594770d54b7303d155824e453054f5d80bcdf24404881f4b7bea150b4a68

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-10-2024 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b932cbf6bbf8cd99c7c113f1c926008_JaffaCakes118.html
Size

282KB
MD5

2b932cbf6bbf8cd99c7c113f1c926008
SHA1

36199a8415f11b6b94f4caa12542c790d4d7d45d
SHA256

b418594770d54b7303d155824e453054f5d80bcdf24404881f4b7bea150b4a68
SHA512

40344a653500c33b6495746896a260851b0b346fb78def6480c1da0fb38cf38d1f3ed09a486c92cabbf02eaeb5036466504974f146e41ac4ff9ea70bc99608f5
SSDEEP

3072:OgW6WCiqYxDNvG8rmgcXmNRSz7nLer71BMn3/1BmGgU73VY7RJvfy3d3ABa:CDAXmNR8/Vn

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2712	msedge.exe
2712	msedge.exe
1200	msedge.exe
1200	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
3360	identity_helper.exe
3360	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 2412	1200	msedge.exe	83
PID 1200 wrote to memory of 2412	1200	msedge.exe	83
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 3908	1200	msedge.exe	85
PID 1200 wrote to memory of 2712	1200	msedge.exe	86
PID 1200 wrote to memory of 2712	1200	msedge.exe	86
PID 1200 wrote to memory of 1956	1200	msedge.exe	87
PID 1200 wrote to memory of 1956	1200	msedge.exe	87
PID 1200 wrote to memory of 1956	1200	msedge.exe	87
PID 1200 wrote to memory of 1956	1200	msedge.exe	87
PID 1200 wrote to memory of 1956	1200	msedge.exe	87
PID 1200 wrote to memory of 1956	1200	msedge.exe	87
PID 1200 wrote to memory of 1956	1200	msedge.exe	87
PID 1200 wrote to memory of 1956	1200	msedge.exe	87
PID 1200 wrote to memory of 1956	1200	msedge.exe	87
PID 1200 wrote to memory of 1956	1200	msedge.exe	87
PID 1200 wrote to memory of 1956	1200	msedge.exe	87
PID 1200 wrote to memory of 1956	1200	msedge.exe	87
PID 1200 wrote to memory of 1956	1200	msedge.exe	87
PID 1200 wrote to memory of 1956	1200	msedge.exe	87
PID 1200 wrote to memory of 1956	1200	msedge.exe	87
PID 1200 wrote to memory of 1956	1200	msedge.exe	87
PID 1200 wrote to memory of 1956	1200	msedge.exe	87
PID 1200 wrote to memory of 1956	1200	msedge.exe	87
PID 1200 wrote to memory of 1956	1200	msedge.exe	87
PID 1200 wrote to memory of 1956	1200	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2b932cbf6bbf8cd99c7c113f1c926008_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba93546f8,0x7ffba9354708,0x7ffba9354718
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,653364697951690939,10184552392959120590,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,653364697951690939,10184552392959120590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,653364697951690939,10184552392959120590,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,653364697951690939,10184552392959120590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,653364697951690939,10184552392959120590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,653364697951690939,10184552392959120590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,653364697951690939,10184552392959120590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,653364697951690939,10184552392959120590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,653364697951690939,10184552392959120590,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5728 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,653364697951690939,10184552392959120590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,653364697951690939,10184552392959120590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,653364697951690939,10184552392959120590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,653364697951690939,10184552392959120590,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,653364697951690939,10184552392959120590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,653364697951690939,10184552392959120590,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
23KB

MD5
8b41d9e82bfaf51825f94b0bc9facf25

SHA1
9f988a1b5c14425843d77bccca491b419f115816

SHA256
c0396130b9807c0b45615aefc58fd118f64899622a1a15e5ee6a88ae3516704e

SHA512
9d1caa1f3fea8e19eb0b8dd6c131665d826bbe85327757f4469b3e41c3c5dc77b5f3ae8bb2360a3979b5607933f7d5f7064abd1f196f7729e4ee90b23571c011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
32e5836ff8ff78d957c281d9635abff1

SHA1
7dff47339969b58486a016cc5b079a96d6e556d4

SHA256
1d85a4b2b66b87abb24af89a27b94bef9c4f6bebb98b79503bf82ad4dcfef384

SHA512
d4e984d17ea3ef71a02f2fcd1a62201473626e3038c8b1e98999864a94bafa35b82e5b29b94873d0217008cd4d933ee57b76d55952fcdbed06ad9a66537bef9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
2fe4bb44758aa5454e590a96ddc85d0c

SHA1
d1e0829cd0d55dfb4aeba8ea7731d976c3fd038a

SHA256
fd9087eb576fe75dbc2a69ecd40f29e0c7e2c16f18df1570a823ae9d31b7937b

SHA512
f4708b06597cfe937f2e57b31d9a2481e7c4d9e0424f88ec2e56401b6a4ee7edd5856bdad70139312ef90c6b8723673a171ea4e04b1903936a84b2971f13b959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
72a82c3c350b4215b48c55f012793b65

SHA1
c1a2bba3cd8b308f604cdf86a5d946cbb17a8536

SHA256
eedbafbaa7fc8263a56d9b29c07ddecb537a1bc8d385a990a1933c54209c733b

SHA512
16925e8f0d4787cb82d484bf29c3192cc5ab96325ab18817cc8c17fa22c4a5ac105d57a525f1f303b5f200f0b79781a8417108a2e2e4040ad9bbee65b7a7f637

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bf7e1aa2281b7d1296c93a0e9f90e60b

SHA1
a1a7c4c48f6df7924854a9ec380878582b33375c

SHA256
6f63aa752a999e8fd89a5a38fdea62f9e8a547347527aba8cd43f6ba1feb0c70

SHA512
ccf1808370602b8f8a743d8eac6cfba09a06e3ddfbe4564b5a33dead17f85b4de81e0cefc62c0fbf24d8621bba7f22005a0b6e3a8318db877117b3922f2cc975

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cf073c888c026522f5b0984948ece57b

SHA1
f8f61641daabf6f246db50981b67842686cd4a46

SHA256
6a90111f2a658c93726c5274b29e9dcbb2dad920402dddfdbbf1e76ce760110a

SHA512
fb9c8339e4948344ada88b23275aa197c19c75f11f3012f2ab6f76e7437ee25a10cb0da7a2afed7d01e0e413b0307f3815cef540c3546849baaab4d429c681d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b7edc70ac0efb1ba36ade9a44d6324fb

SHA1
006a6e6bd75c74b159a310e0be327277b57d43e0

SHA256
94f874b2fc3b019289ab2da990e8d824c4da8a0390c1df11967254d1ab2c2c13

SHA512
046a1c3f452b9674b735b66ddea5e367345df0cb6677fb19e0d013e1d8b4327d4942a45cc8899e9eb33b235bc276743ab4bc47cb39397031cd99c59c950b6631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
693B

MD5
d8d7da061eb068a751b231bcf9f05420

SHA1
ba4194c2a21b014fc3a6f33404372cb4a802ce01

SHA256
f4f779813e3ad5b1f358faed532f5907feb8add397b182a306567d5963334dd7

SHA512
29c472996aecbd59cc69fb9e2d89ded2211bf6575218a63a25a292115896ce1dc86d9542d82cf9a1f5377fb950eb659473553e83ad402267a5a847041c7575f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
b46fdb3aeffe10ee78d1c92473748c22

SHA1
6d52190d8e58e94ea09849044c07d57aaeb3d533

SHA256
8c7000da2c0a011304621badcaa00a160f2b6a8bb6ab3161082d9781efe2c420

SHA512
a12ae2215d72a43ceddbc64f29aa905dcb4547b1753cd693b03aca14707f75b596d7413993f40561f7b3fe63dd7a33bc93fecc4edf9cf1de79fb5f6ce335043f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
530B

MD5
05f1bdfb6ced200cfbfb8d32a31fd00a

SHA1
ef2cecee7855cd1d70847caf823170c22bf26142

SHA256
e2497e12ff378a0ba9ba3e579e89353af403cf4890665ec0dc8ca076b142a36c

SHA512
77c48b422e219c63d73ae09a415c2cdf9c70d61ec8c10f13950edeaeea2fc36891acc0fd22cc309cf5e22838cdc572043351a285f01169447b0b3d1fd8b48179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582575.TMP

Filesize
203B

MD5
d6d870748a885e1547785ea39404625e

SHA1
c98db8da48015dffe5a0d4bfe42d0ac389eb5df6

SHA256
432efc7185cbe1b7472d1aa6b6f5bd3977012bd8df7d88aa72f9be2b31e8cd0a

SHA512
ef47ba105525e14883b0f412bf25ece666d8b7c06bb2852b1b76b84763ac85468fbc0da5ad585253deeb069c873781ce505a88b34af841aeaa8a18bbbd46d33a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ee8c500d-7f80-47e0-b58e-f297af7704db.tmp

Filesize
1KB

MD5
45821640cb79f9875b54a913bd6decc4

SHA1
1cccecc4dce51e0dda95279a0050f28cbaee9317

SHA256
d0eceee55b2252d429604ced6f6795e89740d85ec5f07b5a45c2528d4b4cfe71

SHA512
8b4ac932fdcb92c0d40f0a74f1b7891526d902915e2ec586578b28c820b9f6212ca4ca75f469591edf70522dd1dd46e8e5306b4699be7ce07a8649f3a727c358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bc55cda7e096c611c633bbcca18eb330

SHA1
b173646f82e7eb2b4b1b0f8f6a57c5c356a4d09e

SHA256
693bf43321efa8bf893506ab57f7edd1719f6e510e47b578766b61a9c60547f5

SHA512
5c71ddbe996afa72922e02b8e421b6b5762ffda048666b5354a725f173327664dbf7181896f84c64a4688f673fb3b5c1b9be553299855cb2eb915043e7e696b2

Download Submit