a54c795eaa74e48f824f81d3f5d4c7e09c8791ceb3d468a74229ba877d9c1338

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 18:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21417cf88853144293fe516dc4139dfe_JaffaCakes118.html
Size

18KB
MD5

21417cf88853144293fe516dc4139dfe
SHA1

adad014ab9e719058eabf4fc33285807f6987feb
SHA256

a54c795eaa74e48f824f81d3f5d4c7e09c8791ceb3d468a74229ba877d9c1338
SHA512

264a6020ce61abe7f2e9757ed41b40302785ae8c6fb24dcfc7e12141585d8e96bd8c94bff4cbc604b613aab6a8423f80b8ec68269f3f031266d476f3b2b186e6
SSDEEP

384:SC+4kEiqe5pFx+hREyTTOQ21PXSv0wCwHhWJ7fmW1271Fjp:SCvkFpFx+hREsTOQP8wpjaiTjp

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1812	msedge.exe
1812	msedge.exe
1980	msedge.exe
1980	msedge.exe
3264	identity_helper.exe
3264	identity_helper.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 1536	1980	msedge.exe	83
PID 1980 wrote to memory of 1536	1980	msedge.exe	83
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 3388	1980	msedge.exe	84
PID 1980 wrote to memory of 1812	1980	msedge.exe	85
PID 1980 wrote to memory of 1812	1980	msedge.exe	85
PID 1980 wrote to memory of 1608	1980	msedge.exe	86
PID 1980 wrote to memory of 1608	1980	msedge.exe	86
PID 1980 wrote to memory of 1608	1980	msedge.exe	86
PID 1980 wrote to memory of 1608	1980	msedge.exe	86
PID 1980 wrote to memory of 1608	1980	msedge.exe	86
PID 1980 wrote to memory of 1608	1980	msedge.exe	86
PID 1980 wrote to memory of 1608	1980	msedge.exe	86
PID 1980 wrote to memory of 1608	1980	msedge.exe	86
PID 1980 wrote to memory of 1608	1980	msedge.exe	86
PID 1980 wrote to memory of 1608	1980	msedge.exe	86
PID 1980 wrote to memory of 1608	1980	msedge.exe	86
PID 1980 wrote to memory of 1608	1980	msedge.exe	86
PID 1980 wrote to memory of 1608	1980	msedge.exe	86
PID 1980 wrote to memory of 1608	1980	msedge.exe	86
PID 1980 wrote to memory of 1608	1980	msedge.exe	86
PID 1980 wrote to memory of 1608	1980	msedge.exe	86
PID 1980 wrote to memory of 1608	1980	msedge.exe	86
PID 1980 wrote to memory of 1608	1980	msedge.exe	86
PID 1980 wrote to memory of 1608	1980	msedge.exe	86
PID 1980 wrote to memory of 1608	1980	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\21417cf88853144293fe516dc4139dfe_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc7d4d46f8,0x7ffc7d4d4708,0x7ffc7d4d4718
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4061899006136759424,13048344288813257507,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,4061899006136759424,13048344288813257507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,4061899006136759424,13048344288813257507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4061899006136759424,13048344288813257507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4061899006136759424,13048344288813257507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4061899006136759424,13048344288813257507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4061899006136759424,13048344288813257507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,4061899006136759424,13048344288813257507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,4061899006136759424,13048344288813257507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4061899006136759424,13048344288813257507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4061899006136759424,13048344288813257507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4061899006136759424,13048344288813257507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4061899006136759424,13048344288813257507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2320 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4061899006136759424,13048344288813257507,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4788 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
c9648f2dc6a6eaaa058c6296016dd9f4

SHA1
d05aebdb2416713d06735a298668951323da088a

SHA256
a8824179550cfbd96520a3163ef3ad85274e78739e0087470a219cd2713827f9

SHA512
f03b396ffc6ec48cb637e995ee4c35ab1e0c0db54357fa1a69bb57e454b837c2861e920cf213de50fc790a593874eaa21c63e2d1f469f0373680c9487540598d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
e592f81b38d771da5b749081cde2266f

SHA1
576fe5a8f33bf3f4a99ab9033616c8932a2cabd2

SHA256
8089b547ef70c7b02453cdeb33475a01c4916d7b73e74e114f4d5ebfab2d79ca

SHA512
05bcea5a2a2933a209a62064255425454af620c771218b5aeccc9d392f9d5a35a4f2fd8cf950e120f29bcdb1458f1024f7e5f911c8cbd1fd97abbd44da936216

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
4f02752f638a6e3dbdca287d85106da8

SHA1
71b5739180272f642d308b7dc6c1e9eae48a4c0a

SHA256
2e531ae867a4f0ce821b50ecb1372c7172d88475d53d622f8606925ea96a4996

SHA512
a9f1901499fa27d1ca058e6e5028665ecb36bce69590660ea166957bf8a2fc53b2f44630b1bf135ca491f8841a6457b6a0a0e59b265d4270d59a09f8db6da13a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8eca2686655320c91f1bf3a2efd0d6c0

SHA1
490b01e868dbb7026423fe95dccecd5cdedaed5a

SHA256
a04001e1b87e8e8dfbb7dc7e9115ac4495b98af72af5c722a9a88de97598e188

SHA512
96e61f041cc399830e2f67540e1eb8584d71c53df8b40cbc899f78d194aa86745c9a2a670c5acf2af88c5c669aa63a141f97b6d52b142388a95021b26ac06222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7d7d9ce37acae00df48c8ac3bf2196f2

SHA1
d1e0f62d51977782f87a71b8a18269cac678de70

SHA256
3a4762f6b8a288ca84a08847c0a74762a1b8b974fb1d05f7214fe9b84df45ca4

SHA512
656230de5c57b51874cfa5d0797db269287edc5f9f79960c336e1849839aa0eca65983d345f0087162d449f3f91e38d85ee39bfb9e2320556ff2395a6ced9abb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c28c3b5c2986ac6b6309e1433adf8ade

SHA1
b8db67f497a247ed7e9eac78cfa276092e820c4c

SHA256
260bb7d262bce411a55a4ea9470ad825f9b2cfc358c8c2fd4a2114d249bb40f3

SHA512
ce41c9b721d8ef00b0c614d102ad20d30e8fdc1b06e4351a4a93a3b5b7eb63721f967db7bf5202e62a5a5f1e78eb9b6f1cdf09b3b915026820aeaec5512808eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0d7f04ebe55115e0d339fa6375990d1e

SHA1
226a4269cffe600bbfe6044863297b494cc16f51

SHA256
58f280ceb6e50bd2e40cf25ae895da0795feace1132002f8898d97c38905d110

SHA512
182b17a444bdc2f3e824fc9a79ae3555817292c767e00b07eb2a248fa85e4845b21000443bc98ffded803a36904058f1cabd82f26d0a02bc4d2f0fab2bb6cd2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9404fcf940d60c0ba25fd1c5d873d3e9

SHA1
2b2540cc1a52cd779895208f4172db75dc4eddf2

SHA256
60831ec50c0c52c7b8a78004cadf5f73e7d03fe9c064cb27d93c47c070a8dc75

SHA512
441ef5b6725bf9bdba966c47f94b6bebf19143c69380348a071e683f942940d9e43f4c7c5322d0cd6072a97dff68385f938609d7578720f5bf808cb0ac2ca156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
279e0b9ac21ac896956aa7c54b6d826b

SHA1
7eb6ef5e6ea609a71e8d5a70e6df4644be6b7241

SHA256
e04751ae6629d294117b9030c634a7c541e664bc3a2f6df6a247c362c036f024

SHA512
1055d419faf1c4554037e90ab3c847ced09ec70c584f42c5d22b58f688316e49f8196e074f935afb7d44d4affdb4fa951c4ff78d6c84dfdfce83bc43c595f08e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58246b.TMP

Filesize
704B

MD5
b08a0a1ef134fc0258f93c5ffc04ae9d

SHA1
1f91d0616ca09ffeac95f4257794446d2d54d4d5

SHA256
c2e5113b1952229cfea4587e709de488a83c4a0860ad6492e815f8fdedb1eca4

SHA512
5f5d64cc93891801c0783ffdb24ea6fb81bc283399db7c89c0df55d020ee9fea57fd9c72c8d215ea07b4f8dbc2f6b2e1d87afe5a7735b7dcc6e9a24499176fa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0c90b505b0e154df654a1ddf58ec89c0

SHA1
c6da53ea18e5c44ef1120b1cbe1f17974c1dc4ff

SHA256
872bebab6df1627e56a02229ba034ed21a24f5ffd18b08c1708113afd07aab56

SHA512
c1651775977eeb1eccfb734c0df95d579cbcdac5f24da328bc6081d4670dc15cab7e77f29d37cd59801a91eb8fadedd5a4f01a2b226a7d8a1e3161da7f301e19

Download Submit