f9b21135dfe1ba047431bc728d499781872962d948a5840b99b11f7fff674d4e

Analysis

max time kernel
146s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2024 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

949b95428a92e0a5218c4c95ce9bd985_JaffaCakes118.html
Size

283KB
MD5

949b95428a92e0a5218c4c95ce9bd985
SHA1

e80ef77837059aa31e4e082dcc23f14c056c8b57
SHA256

f9b21135dfe1ba047431bc728d499781872962d948a5840b99b11f7fff674d4e
SHA512

853d2cc22b0cac0fa8789a9212e6a6e22d541f900e86d035e5f66ca0bcf88cdfb84a2fb90f99fef5afed3cd5df495cc574dba806aeac3fdd4cdf086bdf8ef120
SSDEEP

3072:ObW6WCiqYxDNvG8rmgcXmNRSz7nLer71BMn3/1BmGgTu3VY7RJvfy3dXdcr:PDAXmNR8/3w

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2144	msedge.exe
2144	msedge.exe
4292	msedge.exe
4292	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4768	identity_helper.exe
4768	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4292 wrote to memory of 436	4292	msedge.exe	83
PID 4292 wrote to memory of 436	4292	msedge.exe	83
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2788	4292	msedge.exe	84
PID 4292 wrote to memory of 2144	4292	msedge.exe	85
PID 4292 wrote to memory of 2144	4292	msedge.exe	85
PID 4292 wrote to memory of 2092	4292	msedge.exe	86
PID 4292 wrote to memory of 2092	4292	msedge.exe	86
PID 4292 wrote to memory of 2092	4292	msedge.exe	86
PID 4292 wrote to memory of 2092	4292	msedge.exe	86
PID 4292 wrote to memory of 2092	4292	msedge.exe	86
PID 4292 wrote to memory of 2092	4292	msedge.exe	86
PID 4292 wrote to memory of 2092	4292	msedge.exe	86
PID 4292 wrote to memory of 2092	4292	msedge.exe	86
PID 4292 wrote to memory of 2092	4292	msedge.exe	86
PID 4292 wrote to memory of 2092	4292	msedge.exe	86
PID 4292 wrote to memory of 2092	4292	msedge.exe	86
PID 4292 wrote to memory of 2092	4292	msedge.exe	86
PID 4292 wrote to memory of 2092	4292	msedge.exe	86
PID 4292 wrote to memory of 2092	4292	msedge.exe	86
PID 4292 wrote to memory of 2092	4292	msedge.exe	86
PID 4292 wrote to memory of 2092	4292	msedge.exe	86
PID 4292 wrote to memory of 2092	4292	msedge.exe	86
PID 4292 wrote to memory of 2092	4292	msedge.exe	86
PID 4292 wrote to memory of 2092	4292	msedge.exe	86
PID 4292 wrote to memory of 2092	4292	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\949b95428a92e0a5218c4c95ce9bd985_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff272d46f8,0x7fff272d4708,0x7fff272d4718
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12008285229612966456,14227860761606238510,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,12008285229612966456,14227860761606238510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,12008285229612966456,14227860761606238510,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12008285229612966456,14227860761606238510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12008285229612966456,14227860761606238510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12008285229612966456,14227860761606238510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12008285229612966456,14227860761606238510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12008285229612966456,14227860761606238510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12008285229612966456,14227860761606238510,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5680 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12008285229612966456,14227860761606238510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12008285229612966456,14227860761606238510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12008285229612966456,14227860761606238510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12008285229612966456,14227860761606238510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12008285229612966456,14227860761606238510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12008285229612966456,14227860761606238510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:1968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
23KB

MD5
abc48fd7cd6c006eb9f9c5719748c9ec

SHA1
1bfee875209e5a39e65213bd25322becf223d1c3

SHA256
862e5db88bc456d003eeb9ecef6021b12a7313427596ba87eb4771020c658f93

SHA512
62d9cd90cef344841d5f5acde94583c36d8541bfb6a61e72b6152d2054770ca3e056d702dc01fe7889a136972a12ce92057d84b9e9082903504cce730ef64594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
20KB

MD5
4b3121a05808b99aa6e0cc12924f77db

SHA1
ee5805bb76c384d1e1667aea2976bd2f4f94c7cc

SHA256
e4fea32bac89d9ad34b13a25b0b4da1321920b2c6be2cabb75ff91bf6109152c

SHA512
9b83d55691b41d2a45a542d163c1b6a47208969720ec1fd15233f29ddcef2243e79895cfcb008767f91b3d1cf3a6288248e8b1ec50027eb96db04cde56cb2605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
6ad4e4f39f2df14a7d2eac943a070013

SHA1
ecce5c0df681aa5aa39bd6a52ffa7330a8d14284

SHA256
a8f50cbfe478fe02d0d0e463e975bf8ffd7ac6f22bd7b3ad55b3156ce21777b1

SHA512
fd5d9a5824e779f3706ff38b2ddef532606dbdb0226ebc8962d6b9210c64d81698ac9b2028951d96e66be20c9673207a6b23337960f792c2306cabbc1f341bad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
5f8cc7795844e2dfac132b580f396fe1

SHA1
544acc9f2efca6f1c4e03cc712b40cd4a9813c17

SHA256
58367548117a2b411bde0c3c7381eea0a67ba349a1fe5feb9a3a1f6fcfa17b55

SHA512
5ab73dd6d98cfb099f9a8b8780d0a4260e009d84a1ddf63e5d62ef97f184ce71544ac41bfc0444e8a77413f0480a9808a6abc9bc154a735a8139c8b2719de821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ee453cf8b9db092d4c526e6390614fce

SHA1
a6e0791f636c38b8f7a5cd6893b627fb1b9f9ebf

SHA256
2865f5d97738c158cf8653b31daa513d502252851b1b34d2dd40024a94eaf7ad

SHA512
0a38a064156be963e2487b425e52e0e0b8d740523046e354bd1c0a8c215c3881055ec4f27453ba7110a3a8c2a48402e0733d23e84299151bd0456c10ea306fac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b80487d6cdb9677a4b05e915c6a8d4b1

SHA1
9f9be78a9f604eadb0d8e9d5d6ed8c191f189319

SHA256
681c66b99d7a3aede28c5a23da3fa322f113d9bc5a479594f691834a3879dd0c

SHA512
730bc91a01590b94a997049171e623980abf5ad10d77b952a1ab2f5028c72964e73e2784e1d0014bfbf9c16b608a9551300d1749765f5b5b0c8d59db04039130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d1b5638b4fefde88ad48b10b95bdef68

SHA1
03371a1091131f939844de87e6d27025fa5945e9

SHA256
f79674aa9f4b6e8bb9439695b57112e663f154128cf54447cb782ac652bcae30

SHA512
663c7b7bfb74a1b26d50dde7f1f6c6f205c9d93491999566c517f52a24853564419c2b0cdd34dae0ba7bf6516f2769fd9a61d39b271d9765169525a12aebfd7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d26acc820607970bb2a2b0c487e25349

SHA1
1dc3ee1e8debd677d3db74c21f01846c7e6009cb

SHA256
8faefb28762e2a92d427878b1c8309af2904e950b84c5258bb9600bcdadfeddc

SHA512
e1c3e5af07415ed9934cf2649d82f130df2a9357831a751e5abdd5842c42c1a4989986bba4d980b4bb6b0f201748a6cebd1785798a4a8d6fd424cb157e181dae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
44e32dfb574b945cfa6856105c4080bc

SHA1
617e27ed004e8a8abe4354640ad05c2c1ea4ea07

SHA256
d4c9b63909e897f88378f3b292275a38173034919cc808f14cf80e1ebd9868f9

SHA512
21176a7d19461fcdeb3873b1ed06d9958b2422be8e72fba74206b02877f6149eb8b7bbd9a286c63a7a23975716748395b1565db67525e778ef71f19c29e7e296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
7e9af1663e84a8a7131fd03e4b1902cd

SHA1
bf3a960bcf6b999952cf26ccbe8900261223fd3a

SHA256
5fa41f906443f1653230c6d99cac7f1f2c55296a8be119a2e78dd2c16840f43d

SHA512
b0237a6b2a25b4b4aa9ead458868d1f277df7d0d130b7b41fc2c69d78e9b0abccef8e67ba5b101f79e9d93d0cf4b307307b8a4b6e5fc85a7e28e98963f18847f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
2a903e65454d7f4a7b20ecc38e1ef771

SHA1
6f12d770d4c3bf0a9fb574d8f1a384ac350ed9d2

SHA256
25ff4c57db8025f64c678d8d8b618e3129c2c5a514bedace610d8ce9877dc398

SHA512
62e36bb80c76602a48f517ab151ac661e4db26f07661fe554ed51f48eb4358b1424013ceb6cac041c9d1f3e99a815038c1423f106cca8872c5bb7d3f63d2d50a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584419.TMP

Filesize
203B

MD5
b1d0be5c4157555bf8544fdb525f7b31

SHA1
610bf5b16162619cad9f2a758a52f6dc87a3c158

SHA256
1e06351e3a7f1f71e97e580a14d3dec0e366dd03dd918b9e0535624a0c92ef05

SHA512
ba129354123b35d654d8276b7ca5a55b4f7e1b6a31012336e09eda8b4eb33113c4b1af6efb5b176aea634a3a19ae794e02cd28f56b721c0c6ecdb543d02c5db6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cc217945-9dde-4b8a-ae5f-c8bff5f2a01c.tmp

Filesize
705B

MD5
ffd41e5a49dc3baee6192b6eabc1d6bf

SHA1
7472fefd2315997bfa433d71db939c1786b595ed

SHA256
03baf99c3e17a122d20df603cdad88e856c4870fc9037bfdd69366e02ed06d26

SHA512
932b4d35190971ea2dba37889901c933e5ce8605e0921ce38d0629bdfc9471c3c3f1de5a4789f3b829285a9682534706e22d078f5d81361fe55db9d808226960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dbdf4ee5e19d9be14d12a77ff5d07552

SHA1
585767ef39a93add5a49e58657abdb03fc209a7a

SHA256
457a90600a40ec2a8f41c937a68cfb12192f5a6508b98ec8785ac2f257d23395

SHA512
d419204b3883192611fc8e4892327a43e85ec517a3258178261bb410d08147c875f1354179b363b555afc085820b2debb25db6b5e7c744395be1c69d91cb05b3

Download Submit