aa14c91f12c6f44b7800a4b9e8c1733f2f01ac220116dd43d009f0a7a0a8630c

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-12-2024 06:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ed747913ab380285ee0a6d18604e2ad5_JaffaCakes118.html
Size

436KB
MD5

ed747913ab380285ee0a6d18604e2ad5
SHA1

af8b672b5446765ee7a5881fb872cf69fa55a3a1
SHA256

aa14c91f12c6f44b7800a4b9e8c1733f2f01ac220116dd43d009f0a7a0a8630c
SHA512

f75657db4f0d94a59a38eec4b9da483ec79df1fc35898b49dfb06689a787eead79d7387ca9528874d7aac27a9b6456fc7715788020e88c2eb11d91f2967acf9c
SSDEEP

3072:ONW6WCiqYxDNvG8rmgcXmNRSz7nLer71BMn3/1BmGEHLyxURw8SJvRgqe55iPMG7:VDAXmNR8/iyxUC5gqe55iPMS/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4828	msedge.exe
4828	msedge.exe
1912	msedge.exe
1912	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4360	identity_helper.exe
4360	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 4448	1912	msedge.exe	82
PID 1912 wrote to memory of 4448	1912	msedge.exe	82
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4420	1912	msedge.exe	83
PID 1912 wrote to memory of 4828	1912	msedge.exe	84
PID 1912 wrote to memory of 4828	1912	msedge.exe	84
PID 1912 wrote to memory of 3424	1912	msedge.exe	85
PID 1912 wrote to memory of 3424	1912	msedge.exe	85
PID 1912 wrote to memory of 3424	1912	msedge.exe	85
PID 1912 wrote to memory of 3424	1912	msedge.exe	85
PID 1912 wrote to memory of 3424	1912	msedge.exe	85
PID 1912 wrote to memory of 3424	1912	msedge.exe	85
PID 1912 wrote to memory of 3424	1912	msedge.exe	85
PID 1912 wrote to memory of 3424	1912	msedge.exe	85
PID 1912 wrote to memory of 3424	1912	msedge.exe	85
PID 1912 wrote to memory of 3424	1912	msedge.exe	85
PID 1912 wrote to memory of 3424	1912	msedge.exe	85
PID 1912 wrote to memory of 3424	1912	msedge.exe	85
PID 1912 wrote to memory of 3424	1912	msedge.exe	85
PID 1912 wrote to memory of 3424	1912	msedge.exe	85
PID 1912 wrote to memory of 3424	1912	msedge.exe	85
PID 1912 wrote to memory of 3424	1912	msedge.exe	85
PID 1912 wrote to memory of 3424	1912	msedge.exe	85
PID 1912 wrote to memory of 3424	1912	msedge.exe	85
PID 1912 wrote to memory of 3424	1912	msedge.exe	85
PID 1912 wrote to memory of 3424	1912	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\ed747913ab380285ee0a6d18604e2ad5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ff93b0346f8,0x7ff93b034708,0x7ff93b034718
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,10792248458666174701,5273502080134965253,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,10792248458666174701,5273502080134965253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,10792248458666174701,5273502080134965253,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10792248458666174701,5273502080134965253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10792248458666174701,5273502080134965253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10792248458666174701,5273502080134965253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10792248458666174701,5273502080134965253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10792248458666174701,5273502080134965253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,10792248458666174701,5273502080134965253,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3992 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10792248458666174701,5273502080134965253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10792248458666174701,5273502080134965253,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,10792248458666174701,5273502080134965253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,10792248458666174701,5273502080134965253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10792248458666174701,5273502080134965253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10792248458666174701,5273502080134965253,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
20KB

MD5
2ebfdbd309ee762211b4a2ac39708c4d

SHA1
b002922c672dbe1dd4caa02af24d0b1e7da616af

SHA256
54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797

SHA512
d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
db3fc7b427713e5c342d93f8e60e2f76

SHA1
a2b621562242a1b3580e9b9626b36f404036c9f1

SHA256
30510843378f196eb6b81c6109fa22a81f68f81627abbc2ba32913925e18725b

SHA512
1d01de7ef503d86e1afd91e776a5ca58b01616785f5057537865f53cfaec97acffe1a3e75319321841619c8fbd6119408e0b665983be025b856a5bb8c23a3057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
c29cc200c54b92b7cb8343bb2e449775

SHA1
7a3a30632104254f9735e4ba83b6d97a50c63bd8

SHA256
2eee8387e4fb96f44236aa09e0f0452ece0001619636082f32cbbfedf6ecd29a

SHA512
5d5a405e9995f9402a0a3fb5820091cf098f1a1047889bf609ccba47fba509bf962615d9d9d55f558bbd19647d4db5e0dd0f7e9e9bbe9fb7f2dea57495476161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b6fd7c997ed512bb591d9f00b6e38a02

SHA1
813050203d56dbf72ddf5d65157705719da33e82

SHA256
e6bde660ab81a6ff9cf593762cc038de18e57161dcdbdb367304399d717c9a58

SHA512
583fb2d4fa3d442ee6c49c44de42f69a29c461b07d9aa2f7cb30b5c7ff73f99deaba7451e4a0e22758eb48097981408a1d64872738a60026596ed06951ef1fe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9b9b3ea269f72fae0816bab9ec9c8f6a

SHA1
226278eb1a3fffe093382d4fcf9b1c5a7a6f2f00

SHA256
cf63b53c5f1223ecfb0d05aed851faa711a284ea7a8892b21994effff5a00818

SHA512
a8201fc4a959338ffefcb68f05f40092cc83c39703efdd4238372d63688bf52f55bb8dbf73818f0dc9a9a686734f0f7c3189cb4dda9ccdbb6484e196e01330d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c04b016ea2fe6b5cd680200e9f9508f0

SHA1
ee99d0a5f2fd8495e603fc82af03163f2680edb1

SHA256
045a42cf05dcfb1834e60c6393a42a34e3445298d46b41a9828f177f3dff65cd

SHA512
a12dbf92cb6e1fba49f4b5c84f7b4174013fcccd201d3b4bacceac479a4aac1b21743f9290de7f07864a4630707e6f3ef7313dc038ea4a7c8831b5502ba18bb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
781fc898752dfde513b9439014e11343

SHA1
a5110a5bd700bdd62db9fa95aeb4e1c1f4bc483e

SHA256
b7bdade71887bb8e5e5213fd60c82bb3f3e5157a437096984e4ed57435913b92

SHA512
b375245e013236cc3bf53ff8f175a24731b49056005b91d03cad4fbf948f56fd8e8af4cf8cc771a2e29f5b666346023d52bc1a39e50642f7246bde81d5261200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0ed45e875fd656ceb7a65423d31ceb75

SHA1
1e2660fd22cb340484a9dff694f05a4147d6aa96

SHA256
928f8078627e3f8f8752d42e0314afd6d633751061fe691377dd88a47c00edc6

SHA512
df2df37c8782dcf797886922b6bcb72380d108c5bc6b6cc8065c5ed89484df55a8f76b0d49b9021bc81486bc401d3b5399386f448d822fb4cb44a330e12a993b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
6dbb275d638b12561d09f6044737fe9e

SHA1
d45c540829313dceaf8df938c058936daa861d59

SHA256
b1eb5f36676ba0e6b26c9f39ee74a3b6888e4fecf04c051eafcdaa57e41b1c90

SHA512
b1a292db6b7a65acc2c61e5172d068878b166941dbe0cc7c234d6a9e794ee238d8084f2a2bef5f8a6076acdcb5142d4549a9ee53668a94a7ad0e396a37123ca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
7a7e78ddf55ad547757e828a22faaddf

SHA1
cac6a1b611e1d0843ca146bbbee724bde0c599f4

SHA256
b46b86d3e93c5d18cdc7e4079114871f0826a3e0cac5cdc1f049aa90b79c4ea0

SHA512
fa8869ead79023c23c1f8d1023705fa4bf52c3dd811e491519fa8aade9495c56573cf9e63abacafa40472ed325021c6740da901c061e695b2625015c4303dd40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
c2cb624e7481be458cdb17a01b14a6f5

SHA1
8cc7a21f5e953a64b255b57433380dcd0f8f9ee8

SHA256
979c3da819007e106cf1fb03d85bf46ebb3d9a30f95216b7cc297b28cdb80dde

SHA512
50651e28a467131d459bfecfb4e7bfaa5c3a558732dd0cdc2de44af7d5da0120e706f0e0a5d7d97864cf050a90c6dfaa5d24491d263ce3c1ca708873377589d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f5ca.TMP

Filesize
203B

MD5
0b25f307ddf5ff2fc70158c109b632cf

SHA1
d4142c04352b3f8902a5054cb017e0438c03858d

SHA256
1abc27a5c707f694dade2496292f45051e19be7d785cd7615a1adda04ca7afd8

SHA512
8237f2c4cf3133969d63567d283b9fe48dec02cae27c9319282fd277926036af50f844a80c7a76c8d3916bb6fcb3043a9410d8c289a76ffbf53df7f78fbd524b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2c6aca6cc6c5ce192b6f76089cd1f762

SHA1
62dc8f1108180f52816c13fbb3274487edc326a5

SHA256
0cd4bacccc80ccd787b2b52a36df938f7decb24291cab25ed13fbb8898465a51

SHA512
64314701048b3ff6e9449c406ff337e8dfa8d6821cf575b688125c43d7df0e10dcd0b73e837ab989f94998a3ca335e24b2efd321d2d3b03a1bd59718dc66b722

Download Submit