01554794840f02091174b9b44ed91684d30da00b650e3700902221de32a99233

Analysis

max time kernel
144s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2024 23:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca0696fd771b62850fa7211fabafff98_JaffaCakes118.html
Size

281KB
MD5

ca0696fd771b62850fa7211fabafff98
SHA1

a9c6f204d82bc579e1c923422b7db8d834153a2f
SHA256

01554794840f02091174b9b44ed91684d30da00b650e3700902221de32a99233
SHA512

f7f74573ffec9f08244c5fe92cc1ad4a6603a9fdc5f042f623d78f9c76298c86ef8cd413f30a2032e49ef592916d3e72118fd609e39a99c99b74f3fa7798e042
SSDEEP

3072:OjW6WCiqYxDNvG8rmgcXmNRSz7nLer71BMn3/1BmGgTu3VY7RJvfy3dYd0z:nDAXmNR8/Xt

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3008	msedge.exe
3008	msedge.exe
1736	msedge.exe
1736	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
4872	identity_helper.exe
4872	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 224	1736	msedge.exe	84
PID 1736 wrote to memory of 224	1736	msedge.exe	84
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3488	1736	msedge.exe	85
PID 1736 wrote to memory of 3008	1736	msedge.exe	86
PID 1736 wrote to memory of 3008	1736	msedge.exe	86
PID 1736 wrote to memory of 348	1736	msedge.exe	87
PID 1736 wrote to memory of 348	1736	msedge.exe	87
PID 1736 wrote to memory of 348	1736	msedge.exe	87
PID 1736 wrote to memory of 348	1736	msedge.exe	87
PID 1736 wrote to memory of 348	1736	msedge.exe	87
PID 1736 wrote to memory of 348	1736	msedge.exe	87
PID 1736 wrote to memory of 348	1736	msedge.exe	87
PID 1736 wrote to memory of 348	1736	msedge.exe	87
PID 1736 wrote to memory of 348	1736	msedge.exe	87
PID 1736 wrote to memory of 348	1736	msedge.exe	87
PID 1736 wrote to memory of 348	1736	msedge.exe	87
PID 1736 wrote to memory of 348	1736	msedge.exe	87
PID 1736 wrote to memory of 348	1736	msedge.exe	87
PID 1736 wrote to memory of 348	1736	msedge.exe	87
PID 1736 wrote to memory of 348	1736	msedge.exe	87
PID 1736 wrote to memory of 348	1736	msedge.exe	87
PID 1736 wrote to memory of 348	1736	msedge.exe	87
PID 1736 wrote to memory of 348	1736	msedge.exe	87
PID 1736 wrote to memory of 348	1736	msedge.exe	87
PID 1736 wrote to memory of 348	1736	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\ca0696fd771b62850fa7211fabafff98_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd70846f8,0x7ffcd7084708,0x7ffcd7084718
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16810150901126841748,4165187599548937578,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,16810150901126841748,4165187599548937578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,16810150901126841748,4165187599548937578,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16810150901126841748,4165187599548937578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16810150901126841748,4165187599548937578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16810150901126841748,4165187599548937578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16810150901126841748,4165187599548937578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16810150901126841748,4165187599548937578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16810150901126841748,4165187599548937578,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5960 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16810150901126841748,4165187599548937578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16810150901126841748,4165187599548937578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16810150901126841748,4165187599548937578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16810150901126841748,4165187599548937578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16810150901126841748,4165187599548937578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16810150901126841748,4165187599548937578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1268 /prefetch:1
  2⤵
  PID:3168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
23KB

MD5
abc48fd7cd6c006eb9f9c5719748c9ec

SHA1
1bfee875209e5a39e65213bd25322becf223d1c3

SHA256
862e5db88bc456d003eeb9ecef6021b12a7313427596ba87eb4771020c658f93

SHA512
62d9cd90cef344841d5f5acde94583c36d8541bfb6a61e72b6152d2054770ca3e056d702dc01fe7889a136972a12ce92057d84b9e9082903504cce730ef64594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
20KB

MD5
4b3121a05808b99aa6e0cc12924f77db

SHA1
ee5805bb76c384d1e1667aea2976bd2f4f94c7cc

SHA256
e4fea32bac89d9ad34b13a25b0b4da1321920b2c6be2cabb75ff91bf6109152c

SHA512
9b83d55691b41d2a45a542d163c1b6a47208969720ec1fd15233f29ddcef2243e79895cfcb008767f91b3d1cf3a6288248e8b1ec50027eb96db04cde56cb2605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
321d683f2bcd4aecf125dc405ba1e51f

SHA1
36d4da498d21c2b50061089b5dd107311b1fce33

SHA256
2e62512f44ad2d8f1fd5d6b6d511811cedcaee78a7bfe709106016d43f849053

SHA512
3b877c133d1775f4ba1276dc4ada093e466f706c6a5d4a57d4fb217ed785e3f89cb512fee89c78c5590325a0f1fe6ebc10ad787ed834c6a50ca73a4449c8b1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
0e43b759dbbbb5d454c337c03c7bedf2

SHA1
0254a97e5692e75c29719f3b56a07cf5cea4623a

SHA256
e230e0d2a4a650e776da281fd4ee02fef320d9aaff3528052c8399fd11ba20c8

SHA512
1fd0e7742265bc92152d2f852963d181bb3c19fd95c91058f3758626a6b3295192ad96c32cf555afb303e20de56b6dbdfb65859bcb88943871ba0a4ff924c7e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e74a14b267e9b7b8639edeac8213abf1

SHA1
dd2e8f21440eccde74b3550292616ee437fd8874

SHA256
b13f9dc9975de101a26021e146667a86bec85c3bebb73197b254c0c528868d66

SHA512
9ee7bb8457bb1ed7ebe1ea672bb48896958d0960152d36019e412732013f8dfd2e8780cb3a0863ec4199ed07ec11a31f8491713e149d11cab8eb95efe3687be1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cc5eb171990fef9fb6b9baa548a04715

SHA1
ce7fae867854d2068c31913ea873cb4fde208ef1

SHA256
fb1cd0479c5798e17410491551d12ac70413427ef884df4dfcfdf75f2b063920

SHA512
2d97abf0ca9aa804d7076002175f211dbd8f0145ddc3f5ea8c4d92c80d88cbf43370e5cf478418052ee1a32294157f0720bd16185fe733f108afb7234e300b82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
46e3a129631107540d37094c4ce3fb5b

SHA1
98a1c72ba6e17752565d6d22921a081dd479e13f

SHA256
df5be777d751beea6d43b66c0c90d0a1c304c1309496959d97779224979ebc35

SHA512
a81b81cc64ed001efd1accca8c28f7594209d0f17e99df40200bea6014b0f1db6f08907788762a4c7a4e07288e9c5e963063a69b614f1caa2936bde9c88a3b7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ec9200d70d4e54492410a9fbe8db9df9

SHA1
16f847ad90e0785769187f36ceee888c91afe554

SHA256
810212179dad53fc2fc01b1c350a82b3b133a7b74db095efc13da6fdd25ba27b

SHA512
ab6bee317105f8b430627fa0d1977a3e1356112db187fbcca071f03811f766bef65dbd1eeef795632055dc4cbc3c8a612adf571f8796980a9f1f3b3ca8e96f3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
e8efa858eac7979fdb3329e5e831508b

SHA1
612002b12bb31df3bc75e96b253a469e06b5fd12

SHA256
9a78e35efe41ad7abea0dba3d14a440213ae9462c4c587ee8aabf878fe165c15

SHA512
07c547d5758cca2fb3f40ef570fbed8f2d176df71da7a9f3b6089d53b622c48654671689c46a527342e74ee4a2819f253c3cd724c385ce42e75386ede282ff57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
59edba3a713ed3dce6fa132d88ac6f55

SHA1
315880600155cc8a83a139ac194c5f48b8d6e15f

SHA256
b3f1dce284ba16058836bb74f8eba410c29d7526d804d31c34d4f87b4da6e1be

SHA512
450aaa2c093929cd3828a7314eeeee510691ad89ea056581ea8b6c49a84054e94ba1ec39883bb849be46ce486ad03ee7a0668ce446129ab7450780180ebac0a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
1779bdaa7feca93acccbe115213ce0d1

SHA1
ca61f316c094e1050b14ccd6d6b16cd322a50e7b

SHA256
cb6eb93bca2e1959e4d60c064b0c665d3f4ce2777b53abea7255551ad86c280f

SHA512
f1bf469654544c5c233eeeab71eccbe558dce774bdf5713cbe1daba357a421b4dc3c07dc15ec1c03de49a527120b5402c102c4dc3939d9f5aec8ee98a0646d6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580a0d.TMP

Filesize
203B

MD5
c87c76c4e2403a7fbe0a007b8f01db26

SHA1
ada0460aaf3d50ca257b93a506b3f7c4c5f255f9

SHA256
4d153fe68678febe31665f853d316522e2edd2cdfea2ca270849717a9d4cd17f

SHA512
930049772cb28f5c9c6cd249a8ac2bd46f9db5d59b83065e36d78e150a55cd4a8332a21e61e695b3d3109e0c34af79f91e610d22fce46e767599611d31a6c760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
533d90f69b2c9054b5bbeeafc6b61159

SHA1
c1d8fb7818f4d8ba460b24dd58ad04f50f3dba0f

SHA256
78dcef9a68edf3076a4902ba400598e71dfbb9f9f5caff077f794773928a4634

SHA512
981326dcdcc94132f3cba9a50159fd4dcc1ea6ee9a5f7dee232c3f51c8754b96aa439a830cc9b810b202558c2e5b22d25ebe4bd5b44b573be5f735d318e2eddd

Download Submit