6d80dc518829d7135226187be78c102b5f742a1c2a97c57993af357bffaf7c8a

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-10-2024 12:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6eff239330af743fec3e329eca3ef671_JaffaCakes118.html
Size

395KB
MD5

6eff239330af743fec3e329eca3ef671
SHA1

ec24f26e13e7d11a6d14de01597bb9500c74a20b
SHA256

6d80dc518829d7135226187be78c102b5f742a1c2a97c57993af357bffaf7c8a
SHA512

cb777d6aeefaeb52d2faf83b9c259d581cbd2538c99a9c29bee56367db32dfacc01a724c4c593fa20dc9bd9eec828e558714c6488be4028c6783645657548825
SSDEEP

3072:OsW6WCiqYxDNvG8rmgcXmNRSz7nLer71BMn3/1BmGGfpTMAYeJPeaGzv3VY7RJvw:2DAXmNR8/AWAYEWTR

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2168	msedge.exe
2168	msedge.exe
2300	msedge.exe
2300	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4860	identity_helper.exe
4860	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 404	2300	msedge.exe	84
PID 2300 wrote to memory of 404	2300	msedge.exe	84
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 3120	2300	msedge.exe	85
PID 2300 wrote to memory of 2168	2300	msedge.exe	86
PID 2300 wrote to memory of 2168	2300	msedge.exe	86
PID 2300 wrote to memory of 4076	2300	msedge.exe	87
PID 2300 wrote to memory of 4076	2300	msedge.exe	87
PID 2300 wrote to memory of 4076	2300	msedge.exe	87
PID 2300 wrote to memory of 4076	2300	msedge.exe	87
PID 2300 wrote to memory of 4076	2300	msedge.exe	87
PID 2300 wrote to memory of 4076	2300	msedge.exe	87
PID 2300 wrote to memory of 4076	2300	msedge.exe	87
PID 2300 wrote to memory of 4076	2300	msedge.exe	87
PID 2300 wrote to memory of 4076	2300	msedge.exe	87
PID 2300 wrote to memory of 4076	2300	msedge.exe	87
PID 2300 wrote to memory of 4076	2300	msedge.exe	87
PID 2300 wrote to memory of 4076	2300	msedge.exe	87
PID 2300 wrote to memory of 4076	2300	msedge.exe	87
PID 2300 wrote to memory of 4076	2300	msedge.exe	87
PID 2300 wrote to memory of 4076	2300	msedge.exe	87
PID 2300 wrote to memory of 4076	2300	msedge.exe	87
PID 2300 wrote to memory of 4076	2300	msedge.exe	87
PID 2300 wrote to memory of 4076	2300	msedge.exe	87
PID 2300 wrote to memory of 4076	2300	msedge.exe	87
PID 2300 wrote to memory of 4076	2300	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6eff239330af743fec3e329eca3ef671_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe0,0xe4,0xd8,0xdc,0x108,0x7ff99b7b46f8,0x7ff99b7b4708,0x7ff99b7b4718
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5948 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1124 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:3408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\03f7052e-4999-44ac-a242-272150dae9f1.tmp

Filesize
5KB

MD5
852bc91165b7c2edf716051b1c0baee1

SHA1
ceb349bc45b404b267909b13812c107ab0185545

SHA256
4705d2c38ec2722613957afa6a210798fb63950af2b3b9905ee8fec75d9da437

SHA512
1f0edb00400a55ef7b3978fa4ad719d6542027a3a1e8a02631ea327d3f2cd21c1f57a1f9802dc693ae14183fe280437c2e4a5d46afa5a58ad30225e6987a09da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
23KB

MD5
318ffbb8b70b421abc02996dcfe8afc3

SHA1
4240e64a8604fa36481bf24471545a2c7c10c89c

SHA256
fba866aea3cb0fce98cf10cb57975933d6cfaaed27f9f25250008814c9bf8e95

SHA512
1a0f6266836348c4ee0fbfdfdc9197b66add2a5b150ea8a1205b4e3876eb5c82d7404bd26791de29ff48004dfed187d9bab5a9678dfe1c71cf513dd49abacc56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
20KB

MD5
05197e9427acea2ac4dc812f97a8f078

SHA1
3d2a38b79da52e57783360f195ac3e7c85edefd8

SHA256
7bdfd36b4f017340dbc84a310014381bfd3028416ff21c54f7ce0a35cfd38191

SHA512
084d4febc28358d3ba6b0bef400f637b7f350381b8b592b1e412dd860d5aaf034c03ecfa87a064cb19dd8a42faade23c260e35a8660791011b7e51b726418ead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
cfb5f41088373c01c3d0073aad9e736e

SHA1
b919dc5bff656f1cfb2984e51af1d635b6c65f21

SHA256
1ddd8e57569c6789adfa13a3586122d3b8b8bd6acd6729acd8b1b275007858a2

SHA512
0d290fc0d8ac97e669593cbb982be383db64e9840adff23326169b758a4a05010b5cbd41079dfefb7a39e6ce312d9516e9f5eec9f4ad39636c70586afadd4239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
9416b2401a223bcfa0ce4f7461b5b69a

SHA1
5d0d5649025b7d7906596c08f762b5e251ff782e

SHA256
bcf839a0070044e4fc1dc09210df1537e1ae01ffbe9a34add02f3b8d3600d1a5

SHA512
aaf289e781ed0c2a74e454a75c3c1024580ee00109406e28ed22df2693db1b244a915e7d2ea71e55fa8850a81c7648cf3a18ad3f9abcee1795f7d787a4fb9ddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7cd0ea9f664a59dad8a99fb16bb47d49

SHA1
631f0991cfc8c42ea78f96d2edf064bb4d244c35

SHA256
e95fe82bd3a6af894b95d42cb49ac225e4f79786eda80a232164044f5bb6fa8f

SHA512
74b2f17e16f09e385702801c163d135e24fdeb8d691d4733459f25d53c9bd338fe857879d1d8fa410223763dcadd03cc3f0458d65f37856f7cee818e994148e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
90d74dd7c75aebd271ba8649b2ecc709

SHA1
84f2f93fa6f0d289cdf88e0cc3c34d862bed3917

SHA256
5a869cd62cd40474a5fcecc170cf3af033197f740de42bfa5324ed446062529e

SHA512
0b912c53b8bf1909316153fd45780c0263079dbccb2b832692964da55c49184f9324463ee621e57eb29c759c7cfc3bf5752533281b5d8c5384f90bf51cfa62f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
740907b07e7f014429b9787959667598

SHA1
071e2091982a25d4a84b2c89132a8d3f4843aa80

SHA256
a3e7059b154853755341b6078309e8782f8f9badf32620372d77208f2bdb6dce

SHA512
be751be4f767d13fad6c74a52a56630c52e8d3734447fef6fc5c956fa9262a29c4b45c7b4a159c8c501851e664257be25561fa8394577d70f0140e9ffe2fed84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9a53013a5eb9d50401ace795916c9ac1

SHA1
4055f256b86a66660d1e06056421feb7a6e742e9

SHA256
537d5195bf9719452ed7a4ddf2eb12c74df59ba77886a4e871bd0265e66725c4

SHA512
13b2f50d662ddc31b2ed339d3036fd1929300e7b36226d06ae9bd856b800b6952c03a2c8026eff27fb212bfbc2bc725655cfa4d788cb75e857693bf22faf4e4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
d929420e4715ed83abaf6601e044d64a

SHA1
e53cbbb7fa60230d5c4ca06d978c99360ee205c5

SHA256
ad4eb1561723b5ec9532b226007e9edb3b0b6fa78e68d6acdaa5f22955c33315

SHA512
67a12bf255e563a171be1a9d37273a5901dc169b87daaeaffacbc1f57cfa90cc5c75493f7cdb9de7e0adeb26f4f9b9b9b6659b1c5c0b8f5e930d9c4b8fd7d43e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
aac2d9780b5ca0864c8945c7f7a9e87c

SHA1
8674f1bb0ff827de0f60760da0438a0b7bda506f

SHA256
0b78024e0f22eba58d80af32e21ccd634f6c474ff8e78fb31528f58739708ca3

SHA512
45a0b08e2680c345fdefffd502e127a29789c09f5e71c2afc57b19576ba2f306f704e086af5971850a2548e45e6d86ae2e8851faf877fdd8c0cbe00528f396fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
70f4a867c85df8f1b117d8988b47c11b

SHA1
b31cdfd2713e494a2f1f6bbbe1aa7c016c1e4d88

SHA256
4db37876183c4f1d140848695c0c74fe209f237d582b9852d04c5dae696335df

SHA512
5c908697365be532c9b4f39e9586dc646e690d826661dadd120a95721a31670ad8864cc14ce544c4d0fc578f8dcf3550d9210199386597f624645faaf03f87a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583786.TMP

Filesize
203B

MD5
1fc4cbb04b9533c03bcb4445e287bd4d

SHA1
7df6d942101eb347eeef247418b7aa3b7fe09af8

SHA256
4b776c724ee0d173dc3cfa0a239f397dee4d76e8bb1684ca8b010675937d8bd4

SHA512
a62a1ff3ae419c9c8f05e344f00a64973b8068589c466a988c1724046d74b0b96a4f6136a7af7318db7e12fddc3639ffb8c8d6e5678d8403936295b57c6726ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
71afbe33c71419b836b38771a92d3937

SHA1
82e9a524f3e5f89f7359df9c86df8bf07f3204c1

SHA256
887ca51aae7a0b9daf20b167edf9836e3053d308bdbe9121d3b708819ad56ea0

SHA512
10cdfdcd26234e8e1f4eaf66668f6e037c37a0455435792cf556a8354c7191d357689585656287f5214a1db2f2435eb65995f5df1a5106fb3bab1f301a506e92

Download Submit