ddc4956aac1f7201715835ed9a5edeb367505ed8fb31614deb41bdc3cc9258e1

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 21:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36b5c45e3acea09f4dcb864acb21187a_JaffaCakes118.html
Size

251KB
MD5

36b5c45e3acea09f4dcb864acb21187a
SHA1

e882bc0248a93acd6200b408e367108c9ce1a145
SHA256

ddc4956aac1f7201715835ed9a5edeb367505ed8fb31614deb41bdc3cc9258e1
SHA512

1e44b7da7b98a892c6a78b0ecdfdc614de488f45e891a9dcfef2765d771dd0e30d57fc96b78ae6005925c549eca261c61325a3aa870f53c5e870f456b2fcbe53
SSDEEP

3072:p+AwlpJg7L5pgPxHuap3aKXDbhc5UUaB+SiJzlzHa3:p+AwlpJg7L5pgpHbXfhc5UUhSiJzlzm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2020	msedge.exe
2020	msedge.exe
4172	msedge.exe
4172	msedge.exe
2828	identity_helper.exe
2828	identity_helper.exe
5532	msedge.exe
5532	msedge.exe
5532	msedge.exe
5532	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4172 wrote to memory of 3068	4172	msedge.exe	81
PID 4172 wrote to memory of 3068	4172	msedge.exe	81
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 4728	4172	msedge.exe	82
PID 4172 wrote to memory of 2020	4172	msedge.exe	83
PID 4172 wrote to memory of 2020	4172	msedge.exe	83
PID 4172 wrote to memory of 3008	4172	msedge.exe	84
PID 4172 wrote to memory of 3008	4172	msedge.exe	84
PID 4172 wrote to memory of 3008	4172	msedge.exe	84
PID 4172 wrote to memory of 3008	4172	msedge.exe	84
PID 4172 wrote to memory of 3008	4172	msedge.exe	84
PID 4172 wrote to memory of 3008	4172	msedge.exe	84
PID 4172 wrote to memory of 3008	4172	msedge.exe	84
PID 4172 wrote to memory of 3008	4172	msedge.exe	84
PID 4172 wrote to memory of 3008	4172	msedge.exe	84
PID 4172 wrote to memory of 3008	4172	msedge.exe	84
PID 4172 wrote to memory of 3008	4172	msedge.exe	84
PID 4172 wrote to memory of 3008	4172	msedge.exe	84
PID 4172 wrote to memory of 3008	4172	msedge.exe	84
PID 4172 wrote to memory of 3008	4172	msedge.exe	84
PID 4172 wrote to memory of 3008	4172	msedge.exe	84
PID 4172 wrote to memory of 3008	4172	msedge.exe	84
PID 4172 wrote to memory of 3008	4172	msedge.exe	84
PID 4172 wrote to memory of 3008	4172	msedge.exe	84
PID 4172 wrote to memory of 3008	4172	msedge.exe	84
PID 4172 wrote to memory of 3008	4172	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\36b5c45e3acea09f4dcb864acb21187a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa088046f8,0x7ffa08804708,0x7ffa08804718
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,15793299600948706113,5644099784738331153,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,15793299600948706113,5644099784738331153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,15793299600948706113,5644099784738331153,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15793299600948706113,5644099784738331153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15793299600948706113,5644099784738331153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15793299600948706113,5644099784738331153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8560 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,15793299600948706113,5644099784738331153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,15793299600948706113,5644099784738331153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15793299600948706113,5644099784738331153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8432 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15793299600948706113,5644099784738331153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8996 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15793299600948706113,5644099784738331153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8864 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15793299600948706113,5644099784738331153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9056 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,15793299600948706113,5644099784738331153,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
73KB

MD5
90754579c14375ed9ac9bc72181e9379

SHA1
5833d3b3d4c5204f6fdab12aaed90908c66f73d7

SHA256
3356f8fc9240bf5146a1e0a22613ab73458c0e9d86c56b24776803075baec371

SHA512
b966cedfa22d8e3f23af463349aa1bda3526ba594f387783de81f42c836e7643c3411e51ce9976d00701ca59a98e610a3d7275d315536dfa50c015cb328dbbc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
50KB

MD5
6b0df1d5dec3b3ab9029dad4b68b86f1

SHA1
e4c08deda87b955930652e72b925338a45f9d036

SHA256
d5591f372225bde56c9e678fd2a7590957f30977088a7b6a2a85794067fa4af8

SHA512
21ab7059457d38d980697c7fe8060237edb82aa60cde68f68320438cd06f927e24d2366f4aa819b763af2aeb75c711761214258e53d8504cd435fe85a2c275e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
50KB

MD5
036a9ca57d8d3eea3be4617bd574bafd

SHA1
620f803c760f29a8b1a09206209b1f6b1cef8990

SHA256
16d5f78437505b9b4c91e8396751995cfe211a973155a551ffafd395a2fdef9e

SHA512
2c239717aa54d8ede97e29ea73a465b0014c6550c5ece67ea66835a0663b7c6d1660a23c33e0d7fd3e5b5bf81732d23eb5793c74234bad6908be2ba394803310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
8b2cae1c989a2cba1106c1f1b9bda762

SHA1
7291342758578ba02ee1d87b0a945a8326d597d2

SHA256
26d9267684480b6005a2d833347e39a9e1f1e9797a6d5e5223157ae6692b10a5

SHA512
1ab1c2191ba052efda27783cf36e37d1a916a16a02206502a29344c2d8bad28a313c89fe9104e1258950b5fc7d1bee8b81d2ff1abea5b4e2e621d3c50d2f56e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6acc9f21d9290b234717209b01cf59de

SHA1
4fb5d3a2b6d9bda3bbdf7dba799d306dd168efcf

SHA256
cd09c4e86e34609c0ace656f163ba9aefadf0273b6a0115a68133b2d4438a393

SHA512
9d5d2cf84c51115ae925aef4723bfa5cb95f7c221674a8b4389f4373424b41feda3f3d86d834848efed76741b081aea810718dffee1f5436099c427b295a3cce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9e6e1c8635773f0df7e836575ce0cee8

SHA1
4b43ab47af232110d3eb198b06cb9f6dd876cff6

SHA256
b21e12388cc01ce126fe6b23b96f1e776b9d6b40a14b72c6b0ae2253ddabc748

SHA512
ff507b3b0863d298f40d12f652a13d58ae2d75cd4bb5dea7fc854c9d285f01d9a75393d3c4d983d3af93aa84dba74e9abf68bf44d4888247bf2c96f88765dbce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1878ac1f4ef27b063ea158c93e60194d

SHA1
52fa7e03029cd26b6a9ba0ad6998b0d1fd25618a

SHA256
0e734e3a710a0ef394165dac58e8395c5a1c740a352c3a3536034958d8113d9a

SHA512
c676ff406e98d0f3a4ec37234b39d59a9b21e81aa3b68fca792fd5f4ea0d3d4c01e04731cd26fb3df5b7a27c2734e4cdede6ce6600760976b9b37b0b62807e17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
81b10c3aa9feaec9dec99c2a4c06b508

SHA1
aeb9542e41ab8b430c49b5dc1d2e36c08426e5c8

SHA256
37bbfb1549ca781b4ef35638d573ec3a41924ec634b09fec5b83e6351b1c8d11

SHA512
a77c013c60c6e2daa0528f06193ca4ff59279d37c79bd1fd999124c88e24fdc49ef0abd61038a1431e4f5a4d7df1c3794ef067d01d93b9dbbfe346804ba0659c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
270e9b01808469c5568bec33cb0e27e8

SHA1
1d74f8a3e9cb61bf2c7c0f8ebc12dd59a1ed47be

SHA256
b53116298cca3382283ea7b8d391df347972e1eb5da4e59744071cb1f97c194d

SHA512
4feee4e066e02809d03550942fdd9d412c69c986bc8599868df67e12f62bea250ce15b6242d50411b497ea8fce43edb295b0c6a2953ddf9583a8710073fa6914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
2f6bbd544c6b672f49ca32cbd8260cf5

SHA1
dcc506577d3fca65da64cb25ffa64bbc06dfade0

SHA256
f7b044c860733eafb06dbbcd6ebc4c87a87d94a0076c5b0c61b2464d60595749

SHA512
5dd5a254b72a4ebaee2208dd923e06937d90264b276449a7266e3fc220c5a2af2bbb2d0b0fcf7c4cdc5b8abba5f3f7fe2d4738e0d13c9086b5f3ade101c4a900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
0a1ca86e04cfb1cfed75a6e38fc3a7ae

SHA1
d9696399dde8242d87b91ddbb76782ed1dd6dbe4

SHA256
73ff912b5ec5db6f83970fbdf61c7e1afa628efd62cee1fd8a85eef3b27bc10a

SHA512
33dd6fb48feaca936306b004989ea7f15a434b9bbd2711b5e7c861e51657bfb39512a8d3f758600e9b23edafea512bc00e2096d72533b1e9ba00a2e504fdc65a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f58b.TMP

Filesize
203B

MD5
6c7b82b8bd58ffa12a27ad3bf859baf7

SHA1
ea863be7e8e45144522e77f5584f012833375368

SHA256
ad822839ee43cb70f0661003ab9c80e84980e9e9c9db1372b822e8121b3dd601

SHA512
03ae79b67b53a89274bb89a3d2f609d1eb41f0390766923104cd09edf11fbe9f3ace0ddf71bed4ee64ad88d272c41879440653ad53516f2e19394629193275e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
207abb7dcc3294769ac0254f50625279

SHA1
f146079b1bcb1104ad122acb4870f174b408e15e

SHA256
92ae7643abc821630d3a2fa64830e32969d9544b7a9ca0beb101774c5f0d0fe6

SHA512
fe34aa1dea4c0aab1a4cc4b39e670235a392803ab2151082a7c8282b265eb43f042543c8b0c9a22522cfe14e8c91f019b2df6c7d03f4c8d6744ed645ffabc679

Download Submit