ca8b9f31461599995b7554ef1108d626424bf065a8b23286e1fb587bc39aaf55

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b50172116902a20b01bb67e56839eee_JaffaCakes118.html
Size

81KB
MD5

3b50172116902a20b01bb67e56839eee
SHA1

33e66f3deded9bcf70de0d25e22de31b251dc670
SHA256

ca8b9f31461599995b7554ef1108d626424bf065a8b23286e1fb587bc39aaf55
SHA512

e9b95fa82befa249ffcc9145a901cc0ec5ae2aab2a4dfa46c06afb6d996669fcd65e82f10cc1c90c1a0fd8d394546a261f195863fec66ad76876281962c237bf
SSDEEP

1536:7IRIOITIwIgI4KZgNDlIwIGI5IMJ7StIRIOITIwIgIfKZgNDfIwIGI5IVJ7SSDTw:4DTy29H9CZPGDNNc/hNTBq2TGLI9L

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1356	msedge.exe
1356	msedge.exe
2680	msedge.exe
2680	msedge.exe
3768	identity_helper.exe
3768	identity_helper.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2680 wrote to memory of 1672	2680	msedge.exe	83
PID 2680 wrote to memory of 1672	2680	msedge.exe	83
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 2340	2680	msedge.exe	84
PID 2680 wrote to memory of 1356	2680	msedge.exe	85
PID 2680 wrote to memory of 1356	2680	msedge.exe	85
PID 2680 wrote to memory of 2232	2680	msedge.exe	86
PID 2680 wrote to memory of 2232	2680	msedge.exe	86
PID 2680 wrote to memory of 2232	2680	msedge.exe	86
PID 2680 wrote to memory of 2232	2680	msedge.exe	86
PID 2680 wrote to memory of 2232	2680	msedge.exe	86
PID 2680 wrote to memory of 2232	2680	msedge.exe	86
PID 2680 wrote to memory of 2232	2680	msedge.exe	86
PID 2680 wrote to memory of 2232	2680	msedge.exe	86
PID 2680 wrote to memory of 2232	2680	msedge.exe	86
PID 2680 wrote to memory of 2232	2680	msedge.exe	86
PID 2680 wrote to memory of 2232	2680	msedge.exe	86
PID 2680 wrote to memory of 2232	2680	msedge.exe	86
PID 2680 wrote to memory of 2232	2680	msedge.exe	86
PID 2680 wrote to memory of 2232	2680	msedge.exe	86
PID 2680 wrote to memory of 2232	2680	msedge.exe	86
PID 2680 wrote to memory of 2232	2680	msedge.exe	86
PID 2680 wrote to memory of 2232	2680	msedge.exe	86
PID 2680 wrote to memory of 2232	2680	msedge.exe	86
PID 2680 wrote to memory of 2232	2680	msedge.exe	86
PID 2680 wrote to memory of 2232	2680	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3b50172116902a20b01bb67e56839eee_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef21e46f8,0x7ffef21e4708,0x7ffef21e4718
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,264239905349129229,15584020849840893280,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,264239905349129229,15584020849840893280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,264239905349129229,15584020849840893280,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,264239905349129229,15584020849840893280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,264239905349129229,15584020849840893280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,264239905349129229,15584020849840893280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,264239905349129229,15584020849840893280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,264239905349129229,15584020849840893280,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,264239905349129229,15584020849840893280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,264239905349129229,15584020849840893280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,264239905349129229,15584020849840893280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,264239905349129229,15584020849840893280,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,264239905349129229,15584020849840893280,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3768 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
47KB

MD5
97244a4b866e404446dc139016cf23fc

SHA1
54b2c9d1498907d75c6722b145729361b2353f47

SHA256
2fb7c27a7ff245726c6d886d5342cbd81ebb451c0dcd9a231af2252e8952ffac

SHA512
aede88d704c2bc0210189880d4260b9e35a9081eb21c51409048287ff35fa88aeecb036661baff2605419897ab644a4fc8e7fcfd93c14096d5e91503f5a4fc65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
19KB

MD5
5ca192528dc07fdb4e3e61ff16b0e800

SHA1
19e72cc95df2a8e875911ec3b5a028edf34f248d

SHA256
51b92257ba3ed3f1dc3a35e56b01fa671038d584a9e840df0de3ad7ed87420bc

SHA512
d5b23660265c3d93ac7d9ada19dcc28c4e7a221554ad942049f1772d1e745459a8e29da89a027dd5fd77fc0b524098f67d52319eafa598b3853deb59c68d29e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
98KB

MD5
6499d15e8ab4c113563fef0cab905275

SHA1
bee743dc9dfd69c29fe994f5431cdd2df43c680b

SHA256
e7dda044b203311fae549a5df9329597dbe5ec52ed7aaad4925834776daef25e

SHA512
d5e6663b28cd19f5de0e786d23a90f0d53c2e5792b05dd85f2de455d7ac358850b778fd29bb1b6a0cf1eb34fcf84572d75818017a2f15afa594eaa71773534c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
32KB

MD5
1fbfc2ba1b544583815404b4ad92dbfd

SHA1
d4f89ec5247bf715e314e45848a2710b35e79715

SHA256
35683e41edb1cc791cf6d8c925431d63b500c4e8436b61a26d4676c3f1141476

SHA512
17530db85040c96d7971f0aa4cc768d297f2bfc3075533302c56b2ccc4f4da862e8226b9e642e8044c2061e26a1d2633e344439244c55cdf271d0c58d8b6a83c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
20KB

MD5
3684c7775bc328aedb86315ec6891439

SHA1
cfbff177f45afdf36026595ba0abd3bb59f86a43

SHA256
e8d182897c2ec12664cd8e86b31ed441f775479b41a7f1ba39278d32e29fed87

SHA512
2f5f00b2018c4632260b7b26ed4d524dcdcc02f66c3e561a3ccef3a023c042ffefc3028329b4c58b59c4186936d51514b892bed0da00a410502b81bc95b6230f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
07a87ea5c36f08d7c7bde51ad458191e

SHA1
9eef2ce30a4a5cc2c0af1d51c53665af867b0220

SHA256
f0ef8e955cbcec9803fee783a38ba2ee710d8888509bdd64549824b9fc730aef

SHA512
b439832a314c33497cbbd49fea66f6807f6c0fc6608717e8f6953cb8321d5cf8bb3755197c76ad0ce93eb55d5c1b086db14089a7ef09addafdf974ab26304b14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
67966c47279eedb7edf2adcdf0d72a8e

SHA1
28725ff9b1e4cb2375778447cdaa4ba850b4e971

SHA256
dd589cd237f3811294128edd5d720594b54edf36d94ed46245565a5b323ae178

SHA512
f60d280992fa7ff73dbd6c2d00e0c249cfe5bfe247de5b28a8597b917bcf0773d7816dc3a2cf2a346aa72ab3d63f5c070c595275315fb0f8ef2715baef452573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5c00bbb5b4a9037b21ebeae525fd0111

SHA1
c081bc07dae73ec27ae2eb6e8baef7dc44aee9b9

SHA256
07870b8ec8ca3190e26c32ab1c66008152a7c3f694b76df95d04a685e162c64c

SHA512
ccd397e4c79b626a5b5d7542a40361b9f276cc49c749fb956befba6be19d674686a2392106fa55444ee593b9c996b10833f0e9e9f1d8d02cb59619fbb3c049c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ae17a14936759b8046ad45fbaade83d

SHA1
bc70eeb3b5cda5c645db17362441d6e52f9546ce

SHA256
dfdc3ddcf330bd9557b6dab9ad636cbaa128e12f4dd91b8a224c2a29741c66bc

SHA512
ca3076126a71c717c72106d771260a08672888df8079d579db62fcca15c407e3f84d621b5567e502079840c60261fc5b528da177a355e07b927f7f2119216087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6c2e8052c6d106a2552b0ee5bbf4f74c

SHA1
3950f350ac3c9cd6328129dc57e7f7a6bc35fd86

SHA256
c70edc831b2fbdf7e1c80bedd8b096e1dc9d3ce07b721fe7ccbbda73d627a1d7

SHA512
6172dbff9118632d60ff3a1c264e252a964e2d2e5e76a1103074a2b4997d8bc1f7bdf6289a0a1e91a74c9f2db376981c4c2dbb1ace46b43c39248c5af3a311b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f764b9611b1b15579d7f256b545aa026

SHA1
beb7c2fca62c97ada5f228a1c7a84deb4952a007

SHA256
4e5253c897d5eeacedc5ef96dda01fe57576c371166893470336799575175880

SHA512
bb24ba0a7d919085f79225405edf1be5039fad9aacc7acd229fd2e77eaea99c390cf985f0246a9967bc462b9f102e571761bf14a2f7879b45d72f89e8d31cfa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
4e634de01f86c8f94f0c2ed9288853de

SHA1
be93d2e87a9aeb11790785eff865479741aa8bfe

SHA256
58675416f7084a3e79beee8517c349f733298e439dd7ae00b476f8236133b5ea

SHA512
0f9820909d05d7e48325c7b217a8ec7420015a5c31de6f7fefac1be14eb4d95b95e8d59a5993563d5c62fd82b691df135617af86ec4e513916a2af5f22293bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587990.TMP

Filesize
203B

MD5
88187e3e6b8661952e08d96e6ca55619

SHA1
b6bd62193e59d7ac67df63dfb7b6a06f764b9e52

SHA256
5e2a1522aafcdcd2394b4fba53eb208020d2a48bdfc4e45b73a501e4cbb13ee6

SHA512
4c3a56c66496896b6e65df8b35b8c45389a81bf37fc3487cc18ea7c76aa6d2f35d7265665d1a65767a96e3e9c8ab09390541480639e9bdf9cefa6348a888ef13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8e07c65fbd64872eac2f1522581f235c

SHA1
880704824eb15267341d8f41b631ad229078c13b

SHA256
508e970f94a2f0fdbbe7cd61361d3dabe5070adbf7621557e222165145140b50

SHA512
49ad01247933ee576b39a0f54f3ba19b50a5fac6246fed1540e7514599b18cd84686f50762fca619cefdcedf8e005435744b566113c929082caa48e8de33c1c8

Download Submit