4c14486c63308995ac6d216ae5b62854866b7024b37f7580d1fba78c5eb98196

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2024, 02:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c05b99c11736f802277ed36a8fa9d356_JaffaCakes118.html
Size

462KB
MD5

c05b99c11736f802277ed36a8fa9d356
SHA1

a279bd5aad4f9079f86ce4760fc8faf6369c705c
SHA256

4c14486c63308995ac6d216ae5b62854866b7024b37f7580d1fba78c5eb98196
SHA512

557b317109ed08615971798a17c137bb510c7bb106b9d6c6007c1432cf730e71943ed6ece182af7acfb635fb159825c6f46a300b9d26780f28abf5f7b3255009
SSDEEP

3072:ObW6WCiqYxDNvG8rmgcXmNRSz7nLer71BMn3/1BmGElumsV3Qa+W2GtKgnxCm2UB:bDAXmNR8/Rms9QadKgnxCmhApQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3748	msedge.exe
3748	msedge.exe
3408	msedge.exe
3408	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
3924	identity_helper.exe
3924	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3408 wrote to memory of 1432	3408	msedge.exe	83
PID 3408 wrote to memory of 1432	3408	msedge.exe	83
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 216	3408	msedge.exe	84
PID 3408 wrote to memory of 3748	3408	msedge.exe	85
PID 3408 wrote to memory of 3748	3408	msedge.exe	85
PID 3408 wrote to memory of 3972	3408	msedge.exe	86
PID 3408 wrote to memory of 3972	3408	msedge.exe	86
PID 3408 wrote to memory of 3972	3408	msedge.exe	86
PID 3408 wrote to memory of 3972	3408	msedge.exe	86
PID 3408 wrote to memory of 3972	3408	msedge.exe	86
PID 3408 wrote to memory of 3972	3408	msedge.exe	86
PID 3408 wrote to memory of 3972	3408	msedge.exe	86
PID 3408 wrote to memory of 3972	3408	msedge.exe	86
PID 3408 wrote to memory of 3972	3408	msedge.exe	86
PID 3408 wrote to memory of 3972	3408	msedge.exe	86
PID 3408 wrote to memory of 3972	3408	msedge.exe	86
PID 3408 wrote to memory of 3972	3408	msedge.exe	86
PID 3408 wrote to memory of 3972	3408	msedge.exe	86
PID 3408 wrote to memory of 3972	3408	msedge.exe	86
PID 3408 wrote to memory of 3972	3408	msedge.exe	86
PID 3408 wrote to memory of 3972	3408	msedge.exe	86
PID 3408 wrote to memory of 3972	3408	msedge.exe	86
PID 3408 wrote to memory of 3972	3408	msedge.exe	86
PID 3408 wrote to memory of 3972	3408	msedge.exe	86
PID 3408 wrote to memory of 3972	3408	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\c05b99c11736f802277ed36a8fa9d356_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ff9f29246f8,0x7ff9f2924708,0x7ff9f2924718
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,2566580407888547968,2349534263999442698,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,2566580407888547968,2349534263999442698,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,2566580407888547968,2349534263999442698,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2566580407888547968,2349534263999442698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2566580407888547968,2349534263999442698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2566580407888547968,2349534263999442698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2566580407888547968,2349534263999442698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2566580407888547968,2349534263999442698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,2566580407888547968,2349534263999442698,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4936 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2566580407888547968,2349534263999442698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2566580407888547968,2349534263999442698,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,2566580407888547968,2349534263999442698,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6668 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,2566580407888547968,2349534263999442698,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6668 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2566580407888547968,2349534263999442698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2566580407888547968,2349534263999442698,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:2564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
23KB

MD5
abc48fd7cd6c006eb9f9c5719748c9ec

SHA1
1bfee875209e5a39e65213bd25322becf223d1c3

SHA256
862e5db88bc456d003eeb9ecef6021b12a7313427596ba87eb4771020c658f93

SHA512
62d9cd90cef344841d5f5acde94583c36d8541bfb6a61e72b6152d2054770ca3e056d702dc01fe7889a136972a12ce92057d84b9e9082903504cce730ef64594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
20KB

MD5
4b3121a05808b99aa6e0cc12924f77db

SHA1
ee5805bb76c384d1e1667aea2976bd2f4f94c7cc

SHA256
e4fea32bac89d9ad34b13a25b0b4da1321920b2c6be2cabb75ff91bf6109152c

SHA512
9b83d55691b41d2a45a542d163c1b6a47208969720ec1fd15233f29ddcef2243e79895cfcb008767f91b3d1cf3a6288248e8b1ec50027eb96db04cde56cb2605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
cc3e9cf70102e5441debe6125554a607

SHA1
4715f59129fa75abdbe4ca4791ffeb5d6f290acc

SHA256
1d3ab9d5d28bdb8bdfa600faf16d4bd1f2862d79f4afe96da8fc58b79e9adba5

SHA512
c0ba84e19a749ba0fd1ccb62d02070f907430e201b675f5308944d12a2ef89bb052def4e38e83fe03ce6a468b1bf5113114b3c3badf67caba98f42ddffbf3ff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
b947d23a6654b3c4337e83670f88f2d7

SHA1
77859eb899bb8371520937dd615d1552a0074aee

SHA256
a464df7ce5a3af0956da75391a88417d418f0a8a02d41f8a6cb433d021518c5e

SHA512
54bf37ff2ae3fdbb96a45996c197b75516909fcf57f5bd91e1b17a87766c6ea9f9e1402055f29aff2d6aa781d47e2266087df1bf6cd30ed99929706c36fece76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
68f65c8e7e522900137b105f197f8f37

SHA1
d6a079a9b289af4bb20b80d70d123d42d00b12e8

SHA256
2491504e9998075c3f397cbf7c21b2d910c1434e84a28ba1238f06be3b686444

SHA512
a9f63cc2e6b213aaf78325d1c2ba82824d8f86136071997999838f19edc2c0f7d2d30a21863709b50eb23fe10b2b74d8b2ee6405c73d40261f775c1ce5c987a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ed1812b7bfe131a573fc0bf7cc5d6867

SHA1
9607fdaa70abdab4f1428dd4a5c19c8b65620228

SHA256
4b3af0e55cc46ef7c4370dc82037ebb53746c63d6a2009ab097cbafb4faf7c6e

SHA512
0049ea8073547277df42e2bfa9d3b53fea434fb921d65399afb546e8956edcbd48430ef21aaaad4b2903ad782f85c407dd3fb4a32a9a1b908b43194109a270a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
790396acb28cbeee9011255b3d8b60cf

SHA1
b8fd88bd1be48c98578c520ddb83771eed6d880f

SHA256
9dc84c0915248be6cd64c2010dba139a804bc1b8c25a3a4ad9c4566cbc9fe72a

SHA512
2e197c42788faf74eab1c4e5ec36ee10ed312c1d72c2fe0e08148947be5c50fa1dacc99871778800ca8ffec8c8aa571da4697f6a876b0cabea13bc103f336eb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d37682f0f54307a08d46d2d83d481e9d

SHA1
5cf2b0bfba402b6e3c2f1d18ae0f436e04717b70

SHA256
e15d37b155c8503570839414e78b24feaa32307dc68c80b76d40421235086716

SHA512
7b4e52dff308e05163c39b5a831cf35b689055298be720b16cd00f0dfaac1db8daf60bf90b739f12c6fb6279337d1702f5c7520b241e760d36399ff4d8c251dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c2ab7e78b02be29bf3915dcf2e1d7ef

SHA1
6f9b12349c36116ab6059e1e50f47ddfa42b851a

SHA256
1c7ca9b1e58108fc8be5c348bc85bde80d155fc8dd488dbf00381ff820f0d5fb

SHA512
c7a8c2e0f0a63ef3eb4c8d34e113bdbbfe4059694d17bb87f0ce20ff3608e67c0aa69c3c0152854a996898bb4e714b6cfc407953ee6b1ee5f8771de71c0cb9ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
a3aa7f8124d1dfef2ea48111f45ba2af

SHA1
00de6d336f49c44e741922ca6a8e58e83ec4cf3e

SHA256
ecff61ce9d527aa18f01c5f9721723af838822e67ab0b3b4a46ee99144e24f02

SHA512
8ed1257fbf56696a6000fcf105cc633b2b5d1307a27c6c771e2f6393e0636e9b77761535f49ef952b1e7e8b9641c1c34e89f880c58cb3b65d1a5965ee12ee136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
554286f6d0f3c3757945871dc2044b1f

SHA1
4266560842269111033fcad537cc0364833f16da

SHA256
9de2e4a48cb4fb8162e0af1eba5544dc3b510125ac5c79479c34e4933b350d74

SHA512
9fb874a77f8769b233373c736061e90ed3dd483452afa14f9afdf053a68d8574ac66cb709745601dd3298b1bebbf1b1aa6c0c23ca7e0584990c150c994941e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
7b1db09e2b42bec6538a9ee16bd51e6f

SHA1
6a7686e5787e605d25d262da5a7ec3bec93bad01

SHA256
057214693591e4d72eb831c2b096c9c5a3a056f1a0f785b947cc2f337d063597

SHA512
79bc39d1c83bcb7c52cd3140e59dbfb3cc73e1249504256db35aa5af6551e729c7edead0f218be23786f205ffba269415991666a984d4db5130522fa6758f5a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5823cf.TMP

Filesize
370B

MD5
93b61d1d658e6e9e47db31d56645bf26

SHA1
85b3c1c8b33539659d69400487859a926b60f855

SHA256
08cd541291d30536c9c5e7c45632711b4eec46a81ab537bba8489bed24d09ae8

SHA512
9eb107d6eba1f567cc9a8aa7fc5d3d59e16c2ceadfc42dd590cedb96cd207ebd45444e2cee90c2805700a588c85ef5729921a342a25a3a6018b8bc77c5b5a452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
027436a5ad4add80acb21acaec0fd99b

SHA1
484d18527668be165b49a1c237894e594b9af188

SHA256
5329da433150d26a91e1450852ec0f7ccc1d9a6d8cdfd05c91fa9e2baf36743f

SHA512
809431248b1ca39ec9c80392bd17d6b5eab6c03b9924ee92394a783b64182ad941201a8fbe1d374f99b85a03af31ee49ce0fcb0a72a6d66a97808bbc9741aab6

Download Submit