294176c3aa9d41a274b8584579e117ac3946c5026a24aa5092c1dacc9ad80740

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-11-2024 05:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4ecac9b93f8ed8a59d098e3f7829859_JaffaCakes118.html
Size

72KB
MD5

b4ecac9b93f8ed8a59d098e3f7829859
SHA1

b9f2a8561f0b6392c0fa44483a3432855ef612ad
SHA256

294176c3aa9d41a274b8584579e117ac3946c5026a24aa5092c1dacc9ad80740
SHA512

a40984e78efc97d061565c3cbd0fdefd7cd57034930f4d06d4f31e14a9a8aa85487eed781cf9f936a7e67883d0bb5d28fbeb5d475240c908f4c82bb4a1feaeda
SSDEEP

1536:5dUOBzVvtibR6KY1UCP7b9wrVDZaMkvww26rSFtPY5R+qyJxtlci23:5dUOBq6b7byD02Eoqfik

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2820	msedge.exe
2820	msedge.exe
4996	msedge.exe
4996	msedge.exe
4072	identity_helper.exe
4072	identity_helper.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4996 wrote to memory of 4236	4996	msedge.exe	82
PID 4996 wrote to memory of 4236	4996	msedge.exe	82
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2820	4996	msedge.exe	84
PID 4996 wrote to memory of 2820	4996	msedge.exe	84
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\b4ecac9b93f8ed8a59d098e3f7829859_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6dfa46f8,0x7ffa6dfa4708,0x7ffa6dfa4718
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6684 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6684 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
9a74a9e86c690d319daa3f575155ca99

SHA1
4e56e1e4bfbd7d867f4c19a24cdca4610ab9af2b

SHA256
c07873cb25b5ba641198e0f0e798b4496b853ea8481d00306b9f1f9e6cf07682

SHA512
92806482473a1baeb5b131c31228b61714bc2028d98d85f6544cd43b89ece874f3bdda190a8851575c10bf51a3302b9895e4afc58776b9e78ac5e95eda7fd2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
377B

MD5
8f9cdfedc927db4704d8065582bd5831

SHA1
14d8702db61b768b3ade92abb2d744e64f71b7ab

SHA256
51eed2c7c7a2f4257b6e42bbae64dfe8a6c6b9e95eb124d85b7d14144e05fbf5

SHA512
f0be4b9c2c4f6b83692a39685c21c26d05e7bd366befedf20595afd45cc9098ef16c03a89b1a53ad0a424c92e32a563ce4ccf1808474fa4381f9934e17b3d1fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3e194369e76f6345cc5dc1795203705d

SHA1
e4e551354c8cc7b31984fcb161fae7010bcee3c7

SHA256
aa5d7aa556178f3db0e1db1ed74aa081e4ed07b262e3365207067cadd45bba97

SHA512
ae3781e3a29410772d829f7286dafa77242f29375dcfd88b0ff744df82e792251d6bc1cfae39d1a2648e53f0b60566f26b460198dc3fe3f7efe0455ce83179a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0e1937858259d9800d063ba42afe4a61

SHA1
2b19ddb77933a2e80ae34a41b65e87c643e90d1f

SHA256
5436f9fda051563f2ed4dd11111fca3e41bd0c8118487a0c0339a806dca15109

SHA512
cdf0a6ecf2da033d675fe92727ad6093e67f40947a28f027b784e9baf100d73ab9b13b376a0643d415f89fec9c777b878fb5bf85189fe4403689600d3413c425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5eea396ea66a078d32f6a09a6790d9c3

SHA1
82d6b4a29456ad23100c68e7f0e987742f52795a

SHA256
cd0869d67e43e0d80a217c73708a9a41a979eef57589209a500b1c87499af1fb

SHA512
4b71965402539d546e488f594c47fa4e44c687b0dc6dfb0eed6f3aaca7d990d55a33f176e2431d4d5952dc6bf7e33a637c986f96221ecf0ffbf1093b0fcd348b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
609d391ab7497bcdcfd04a5d24edc9f3

SHA1
57b1f4eed3ff3fa14e87e9993c014ad0983d30e3

SHA256
0e4e79096cd1b62336a18aa582f9bfc012ed22c1ab2efbfb3a45cf1be8087da2

SHA512
6057a0b62cc244304cce9c7facb030e1d1dd022fa68acb3f6a9be2439a02728b7fd6b45343ed003044fce0c43e35425c979a102b5789a624b493e42b605640e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59578c.TMP

Filesize
372B

MD5
7d298fe3a77b5a6773c4d7ed8df88ea7

SHA1
0dd7b0fa218b887749fde0bb859703f17e097fb9

SHA256
4607c753818925188fd7a4ef48b215015ae27149a9e703eaeb19659e9d6195fd

SHA512
1ac00045b1298ddc587e1d042d1e365e2c5ce6153a3ccf23454f05e56020643738c8ef6c79080088d59dc0084f157c8861e4245c1af00b4a9b1e101e0a0a244e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
317be461b9e201367c5ecf710ffbd3b5

SHA1
c33895f752f773b7d61b641cdf4995b529db57f2

SHA256
2248c592bb8d5484567eb80a7fc7ce2659efb261a4fd8b82339ed6877df1f496

SHA512
86a8cf25d43e46af33cb01f942a2a19c24a9db923df8757526322c50a2b232866d8f57a0720cb751d6f03582ccd3581d222bed5a50785ec31b25dc108b884ea1

Download Submit