4f09b7ab175a15b3b25aa507f1c476cf520f946c2bc1eae9f388e74a06c50a31

Analysis

max time kernel
147s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 04:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d41c518da01ab639b11a21f412f4dc7_JaffaCakes118.html
Size

117KB
MD5

2d41c518da01ab639b11a21f412f4dc7
SHA1

6bbe6d61f7df564f78d13a243342c325ab6b467e
SHA256

4f09b7ab175a15b3b25aa507f1c476cf520f946c2bc1eae9f388e74a06c50a31
SHA512

cf6d55173d9e38b962ee286c342c0eb6a4129313f308407dfc8a9909637d3bf49d88c60ba7df8f93b67e4db57433b66e16616b9d56ffbdb074c9983968805806
SSDEEP

3072:QEOh/SSodbnckaYJNQMcZf+fMQCqv3+4nrNDB1dt2dxmUqNbrZSur:4h/SSokB0x

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	sites.google.com
11	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
3584	msedge.exe
3584	msedge.exe
3156	identity_helper.exe
3156	identity_helper.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3584 wrote to memory of 212	3584	msedge.exe	83
PID 3584 wrote to memory of 212	3584	msedge.exe	83
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 3596	3584	msedge.exe	84
PID 3584 wrote to memory of 4488	3584	msedge.exe	85
PID 3584 wrote to memory of 4488	3584	msedge.exe	85
PID 3584 wrote to memory of 3248	3584	msedge.exe	86
PID 3584 wrote to memory of 3248	3584	msedge.exe	86
PID 3584 wrote to memory of 3248	3584	msedge.exe	86
PID 3584 wrote to memory of 3248	3584	msedge.exe	86
PID 3584 wrote to memory of 3248	3584	msedge.exe	86
PID 3584 wrote to memory of 3248	3584	msedge.exe	86
PID 3584 wrote to memory of 3248	3584	msedge.exe	86
PID 3584 wrote to memory of 3248	3584	msedge.exe	86
PID 3584 wrote to memory of 3248	3584	msedge.exe	86
PID 3584 wrote to memory of 3248	3584	msedge.exe	86
PID 3584 wrote to memory of 3248	3584	msedge.exe	86
PID 3584 wrote to memory of 3248	3584	msedge.exe	86
PID 3584 wrote to memory of 3248	3584	msedge.exe	86
PID 3584 wrote to memory of 3248	3584	msedge.exe	86
PID 3584 wrote to memory of 3248	3584	msedge.exe	86
PID 3584 wrote to memory of 3248	3584	msedge.exe	86
PID 3584 wrote to memory of 3248	3584	msedge.exe	86
PID 3584 wrote to memory of 3248	3584	msedge.exe	86
PID 3584 wrote to memory of 3248	3584	msedge.exe	86
PID 3584 wrote to memory of 3248	3584	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2d41c518da01ab639b11a21f412f4dc7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffae94e46f8,0x7ffae94e4708,0x7ffae94e4718
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3486599981949218363,8202868932840634417,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,3486599981949218363,8202868932840634417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2620 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,3486599981949218363,8202868932840634417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3486599981949218363,8202868932840634417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3486599981949218363,8202868932840634417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3486599981949218363,8202868932840634417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3486599981949218363,8202868932840634417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3486599981949218363,8202868932840634417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3486599981949218363,8202868932840634417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3486599981949218363,8202868932840634417,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3486599981949218363,8202868932840634417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3486599981949218363,8202868932840634417,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2816 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3486599981949218363,8202868932840634417,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5440 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
901ca4f7dd435c40dad4b6604a672571

SHA1
c6ab6c4f944a22d6a93fef2b1a326adb01b01029

SHA256
376138806159aa874ea9a10eab465065c42399a8a393cc979a161df041615371

SHA512
4b9bf02c23ba6f8ce97396db2418682cccd8762a308cf9fb45239047579c22a45d9c12182cc822e0187286e0f3f6510cda1d6b5ca3e9080bb3684d87d0c10d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
f8755ddac339ecb72f82be8252c69095

SHA1
bb848c6703357921423db9236ee66a6d45b78db8

SHA256
2c4f797e404e1254af886cf3d3777004c05b9ab7cfaa4f05c1585d4de858706a

SHA512
8bbfbd149a535eb35e2fa29317392fe18d13ddf169711f15afd11245d78225d7a5a04df176de012bae0c8749caba0885d62b3e9f56885f81b3b42996e4c9886e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
942fe99ed366deefe3c1f111df92b6ae

SHA1
a150bb24ec08fc24266fef1c3d8caf9d398e947a

SHA256
0597b374e23a67a935a03233a821ab098d95784744ad4b2c15209e06008a7f14

SHA512
da4152b4f228d0bd6b1cc4e77d1a26f63e0df64d659f2a7509224b7df9d7d03e633b5550f57c8bad7ecfe72464d95ce340aafdeb9b99cd9aa998a97010832e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2189389b2c8142c8d9df8a147c83b1f5

SHA1
9c7b1a40e05ddf14b18fc3e30094655ae3565f35

SHA256
8268a0e77d8ee5a97cfc2097728fc736b12e749e11a9a0c79f9c4f36220a3bc9

SHA512
2f2f2b9bbcbf40d95d89614251f21c918a93568d660f7b8f58f22a966c00b6e2f54b7dedefefdb1f06bd5d3613122faf9e9f184280cd5ad6e345ce0849fa81be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e1246965901147921bd8e3c84ae4466d

SHA1
1711feb803479be59ddf405606bbacbaae76744b

SHA256
2bc9e26eadc1e39e5b776e062d32f16e554f8ef250e6ef6f847fb234fb36144d

SHA512
a757f6957ddd01450b88b74c23dc89443da03fb8e92a2e857bb7ef9e013d42d967bc76fb69bd2449c9db38535097326f04eb61c89cafe83afe24874f35e7c8f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3c0cab2bb8b9d797390fdc5bae26135c

SHA1
058ff0a95f0d7050794e498384a1b1031b3c6392

SHA256
8363bf975ca2f09225e945d7bdd34075f251d13063f7f1f79a92674249a9d203

SHA512
f9d5c07cf6733bb37adf2fca967e3e949ea1c41cbfa93840e02e2e46933c95ecb1b899f15b472003df778c13e5b1be06e1988b5d25a1c5c23daac6cbb8352be1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d006a63686363ee7d648315f36be84b3

SHA1
bad835257838b63181ad4785284d6f3102e51a58

SHA256
56afbd2b52bb5db0409cfaaf34cb0be1d231928fedd24702299712d360e312b2

SHA512
2ed696598cc97cac530ea92a7b026a14348396a04f3881528ef544db8285eacbf9c354998ab07f732558e2b384c91858f869b3177460d75815475b26bfbcea4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d5328566567ebe5956bce819130badf7

SHA1
c82c8e920ee41ca092f631372052e649c6bef2e5

SHA256
7ce5b7fc3d54641001cd2351ea4641a1018e0d7be936904f237cde2b778a7233

SHA512
0c883941a016026387e2bceb976c7ed5418e2a8edf81f91fa863a77dfc50a2444186ceaa247e79cd50d1a161020116edf2c5ab7b1f8e8000bc9af8414198bebd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
49c7ad6e676a5158034fbf1cc285a241

SHA1
01be863cf44e41fb8133ade84799baad7d1e9c7c

SHA256
fa15aaec4447fd23af031caa9f9f41d673e1a35892f3a0faed2bc7c3bb54aa93

SHA512
d6e0d009a862e2cacc3caaa5a81b03fea686e6bd84551c74551b123e14f990d05aa27f847c142f7770abecf2912440307ca3b96f70f4727938f441e737e46740

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
5cc21f3dd22a16f857dada58e55f1e5a

SHA1
d31e141d741c38c66aeaa7f26ccedca5f13e2a84

SHA256
1d6f069fe6846de1b08a5b74b2e514480597e7bf1f0af8efcfcb2766b4857fbc

SHA512
1458cb6360afa0d257fe57285756ff86d5ed28f3f13ba1bcc02d97896b0f8d4f86c1f9551315f439b14d81b6ace28e479dcdcafb343c15c4b06e7394f2089b57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582b03.TMP

Filesize
203B

MD5
639a9cac4c1136fe84847a4d5a140914

SHA1
b86e3692f3c54ff45e19e7802bcc6a6ec27a0d43

SHA256
08157c33c16879403058cc70df9a831c14dd3c750b2ca66ec6706eaed691afeb

SHA512
6135988749600e4cae3f7aa9aca48575bac6e079f3ff5990f814dd8042a95aad3716b88a84eb5062c47e372e6f425de5c1d83850dcf5d697c83a0eef864dbe89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f33980dc24f57e49fecd930d956e0490

SHA1
e6312386ef180d3ad9b46e347dac5dcbf15371fe

SHA256
d873201e81c7e46ae048751a3378f89e56596e364243be31a0aa2bc2ba54d73f

SHA512
9a310954a9ff62a8f6a4e089de1cfc89f53d9707105fe3723d70f1a3c68903033366b02c7bbc7db31ea832ea609a31bed2e05595609cb991447bfeb32a4a3c24

Download Submit