01f7f3c7af77456f7712138257bd2468fce2bc9bf9fe7ff93c0cbe1bb4d897cd

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 07:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

28f59a99a002c260cc207cc2d5b4c627_JaffaCakes118.html
Size

107KB
MD5

28f59a99a002c260cc207cc2d5b4c627
SHA1

49d56be09173f8e97d12971d1b0699b4df64f8fb
SHA256

01f7f3c7af77456f7712138257bd2468fce2bc9bf9fe7ff93c0cbe1bb4d897cd
SHA512

10bcecd7f024a9fdd14a2c987cfa1ef2b657de8a49cf6d1a3d66729ae96353b3bb5352018d51f5855a94bcbb70b5e5362d92896bc1bb71124ef3c1f092650b51
SSDEEP

3072:EnLFLbnckaYJN3McZf+f1Zqn03+JKdXYHxjzK6No:uFjEz

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	sites.google.com
13	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4020	msedge.exe
4020	msedge.exe
3624	msedge.exe
3624	msedge.exe
4520	identity_helper.exe
4520	identity_helper.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3624 wrote to memory of 3552	3624	msedge.exe	82
PID 3624 wrote to memory of 3552	3624	msedge.exe	82
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4496	3624	msedge.exe	83
PID 3624 wrote to memory of 4020	3624	msedge.exe	84
PID 3624 wrote to memory of 4020	3624	msedge.exe	84
PID 3624 wrote to memory of 4940	3624	msedge.exe	85
PID 3624 wrote to memory of 4940	3624	msedge.exe	85
PID 3624 wrote to memory of 4940	3624	msedge.exe	85
PID 3624 wrote to memory of 4940	3624	msedge.exe	85
PID 3624 wrote to memory of 4940	3624	msedge.exe	85
PID 3624 wrote to memory of 4940	3624	msedge.exe	85
PID 3624 wrote to memory of 4940	3624	msedge.exe	85
PID 3624 wrote to memory of 4940	3624	msedge.exe	85
PID 3624 wrote to memory of 4940	3624	msedge.exe	85
PID 3624 wrote to memory of 4940	3624	msedge.exe	85
PID 3624 wrote to memory of 4940	3624	msedge.exe	85
PID 3624 wrote to memory of 4940	3624	msedge.exe	85
PID 3624 wrote to memory of 4940	3624	msedge.exe	85
PID 3624 wrote to memory of 4940	3624	msedge.exe	85
PID 3624 wrote to memory of 4940	3624	msedge.exe	85
PID 3624 wrote to memory of 4940	3624	msedge.exe	85
PID 3624 wrote to memory of 4940	3624	msedge.exe	85
PID 3624 wrote to memory of 4940	3624	msedge.exe	85
PID 3624 wrote to memory of 4940	3624	msedge.exe	85
PID 3624 wrote to memory of 4940	3624	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\28f59a99a002c260cc207cc2d5b4c627_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc2ac46f8,0x7ffdc2ac4708,0x7ffdc2ac4718
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,6611894494840596004,2135727098989092770,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,6611894494840596004,2135727098989092770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,6611894494840596004,2135727098989092770,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6611894494840596004,2135727098989092770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6611894494840596004,2135727098989092770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6611894494840596004,2135727098989092770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1724 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6611894494840596004,2135727098989092770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,6611894494840596004,2135727098989092770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,6611894494840596004,2135727098989092770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6611894494840596004,2135727098989092770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6611894494840596004,2135727098989092770,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6611894494840596004,2135727098989092770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6611894494840596004,2135727098989092770,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,6611894494840596004,2135727098989092770,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4720 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
5beb61a5f1cd680888e33ce453d50fc6

SHA1
37da24d60818be7096ee105d0ffab679256e20b6

SHA256
ba704f476a4ffbf3bbd256954e965c5bb42499006a662795b0b4a124de0de105

SHA512
6d51a8fcebfc9bc50ea5893481e05bd7cca826446e8660f534adcd64dda98d100fde91dcb83ae3693296f98dcf59b117b569e0f5f58d4125f1e9603989f4cefc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
d0ed55cfbc42bbba433e05e7f6d3d5f6

SHA1
72a224ace12769e6d66d8f3d167d482a49199102

SHA256
e2a2fc55ab714cd8b2a418ae998abc661276fad1b0e0e70e3920c734620de19b

SHA512
c3a49506236e3c610da9c7d01ca7b6d60bfeb999e80393a54e973d09f44487ce0cd6a9bb9c92fdd6c5d07d1127a766892f23eeb80a8ceacb3753ad3df4dab081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
dbdbb128194e5fb90e45fac036a171de

SHA1
76e9b31bb77cc5997c67a1e694369ed45ffdaf1d

SHA256
891b00233949f12e535c339c910d6bfbde860265a060c755ae646cc17d4d4f2a

SHA512
c7eb1620632a094dde452bc07ee2c201e3a2f6b74e4a2ce107fcaeb29cfc4898a4c209b13c739ff649602fe581103d9b8db96ffbcf6e0ec78d2ae7e012b874cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3b50e69d55a74f87224526b4537e2f3c

SHA1
4037d18e1bf41e82a411c3e0c4a9cf6b67b16531

SHA256
8bcc2140fb92713b7bbc6561041a3a4c7479c22f69567792c9036deff1d19a53

SHA512
1e037c184ab2968cfdfd4ab5cd49278751fc2fa40d5e77ae9650183a108315208dde84497645af7518214e713de514515280323786c21052429fb5d7007f236c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
25af2533937f52558ecc16aeec0eaa91

SHA1
4de27d870c7b91e7eb25e569d48639f9e349d087

SHA256
761ed5928bf51c6e3600f8439f773599a1ef43ae6797d61857dfad32e2b62da8

SHA512
299e8a3a149d51b65ce508bdce379398a123909c2104e63d79461e35b139da47923de7d1a34231312654dfeee515029b1ce224f1b5dc39b19a3ed421ec628733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
797b8d2d4f353a2061f2e519c710eae9

SHA1
17ab0e89021925d85c188544d01ee94e3378b5d1

SHA256
28810d7f02a496402b37bce35810c94658707277cfdbad78857130f4f6812fe2

SHA512
b32455ca0368f696ca49d54db8b8acd30ec40b96d21e18323b7e45f7c55eb7b8606bbd5c17a9d6b2ff6aaef35f98ba209488811c978881fbb0d2fd0127409b35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
02330d47bd7c9e38d437aa063dcd01fa

SHA1
bfdfd8fe21a7953b7b876b6c271edcb620b74065

SHA256
39ea0e6e11451b2c0f2fd6aaf6e95bdc0c1eec3b6e8a11fd85383e789be01fb6

SHA512
a546cbf839129a6cdd975e664e6ec19192a508f22c6c7d8dac35f7df68139e994c7165d8fd5b222b186e9046b00a8c2b5166d326540857a0f0d1fab5718776e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
532B

MD5
c6a95ca22d586d13bc43f13ac464eeb9

SHA1
37779bec938dedc0929effc956100b66b8ba57e2

SHA256
31a28c1872647871ad245018c39085bf2d947b3f2a240bca1cfe06a76e6e31be

SHA512
9f9bd2e0cf0c13f4418f5b81dc4997c3d503df357f22db7ccd0cb22c2cb3d45a9cc6e420e1f8102ac920374c7a9ded2526db70b53168215a5e9e47f0dd411acd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582dc2.TMP

Filesize
367B

MD5
99bbd3689d894d4b33fecd76a6bb72ff

SHA1
87edf7860f2040a7a5c7558faef37c941f81ff13

SHA256
024d4ec259573523f6c975d3606433b69324966fc9e75549666bc05c5b244fac

SHA512
e05b2eb59b34e6f3c55d54ef4c2ee63fd72d81c9b79a4159e123be753603e3f432934a935c2d22cc4f795caee121b3bc79c49eac1c42758379e568ad8045a312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e2681106-29ff-44b6-a3b1-1aad76cd282c.tmp

Filesize
6KB

MD5
b538146fa1ebc02f7c33ee46386125d3

SHA1
9936de2c4e39fc5cfe64ea3b022898cae915ce2c

SHA256
aac76ac3490f9f5a380a52bf6e67e8f0deac90325bfa2cd028a54167d00f99e0

SHA512
88c881d1b20c46190ff4e652cd5e22508b0d03a37e97824f67465bb4a6e67cc13f47eb432654b464518fafc0bd38e9c5b21b4ce27e3c7d5667880198e1ba4aa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
558ab6852c826bb3d94e958b2dce26c4

SHA1
88420cf3223d2caf1b6e9c392af5f3e12fc3fcd8

SHA256
0d9c5c55cf6699e87277793e4cdb033c182410516c8635e00dd019f8522c5fcc

SHA512
2b088a4aa470f3ae4a01b2c3ddff46df5cb493a17024b03b33585c7528dd595318066bf824f7aa9cd25eb801221e130f451bba1c47a567f8dc7aeef5068963c8

Download Submit