edda3e1c71c5aaf55917fd9c9c20d10ba0956cd5a549ef36f654833aa5c2e4e3

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 21:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36bd142735655798ce2aa896c21f0e4e_JaffaCakes118.html
Size

22KB
MD5

36bd142735655798ce2aa896c21f0e4e
SHA1

da6dd17db636159a98f9a6f6502ef0a309d54b8c
SHA256

edda3e1c71c5aaf55917fd9c9c20d10ba0956cd5a549ef36f654833aa5c2e4e3
SHA512

61f8650a21cd181ba329a4ef195ce10ec58c300e9a75521205ac6575b39f4b56ab0cd24a556a28cc01f837159435d8effb5908864884d0ec05c9334bd4019053
SSDEEP

384:tpAvbybHPlRokM0YBYfOdQnsSMKMuqPpHXum75YxMj1esgtC7vjdJsMhus5gvBg/:A1sSv7+/vWDMOwSFdQikin

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2756	msedge.exe
2756	msedge.exe
1564	msedge.exe
1564	msedge.exe
932	identity_helper.exe
932	identity_helper.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 428	1564	msedge.exe	82
PID 1564 wrote to memory of 428	1564	msedge.exe	82
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 4028	1564	msedge.exe	83
PID 1564 wrote to memory of 2756	1564	msedge.exe	84
PID 1564 wrote to memory of 2756	1564	msedge.exe	84
PID 1564 wrote to memory of 3924	1564	msedge.exe	85
PID 1564 wrote to memory of 3924	1564	msedge.exe	85
PID 1564 wrote to memory of 3924	1564	msedge.exe	85
PID 1564 wrote to memory of 3924	1564	msedge.exe	85
PID 1564 wrote to memory of 3924	1564	msedge.exe	85
PID 1564 wrote to memory of 3924	1564	msedge.exe	85
PID 1564 wrote to memory of 3924	1564	msedge.exe	85
PID 1564 wrote to memory of 3924	1564	msedge.exe	85
PID 1564 wrote to memory of 3924	1564	msedge.exe	85
PID 1564 wrote to memory of 3924	1564	msedge.exe	85
PID 1564 wrote to memory of 3924	1564	msedge.exe	85
PID 1564 wrote to memory of 3924	1564	msedge.exe	85
PID 1564 wrote to memory of 3924	1564	msedge.exe	85
PID 1564 wrote to memory of 3924	1564	msedge.exe	85
PID 1564 wrote to memory of 3924	1564	msedge.exe	85
PID 1564 wrote to memory of 3924	1564	msedge.exe	85
PID 1564 wrote to memory of 3924	1564	msedge.exe	85
PID 1564 wrote to memory of 3924	1564	msedge.exe	85
PID 1564 wrote to memory of 3924	1564	msedge.exe	85
PID 1564 wrote to memory of 3924	1564	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\36bd142735655798ce2aa896c21f0e4e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa84ef46f8,0x7ffa84ef4708,0x7ffa84ef4718
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5886008488843251858,8606172069537939470,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,5886008488843251858,8606172069537939470,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,5886008488843251858,8606172069537939470,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5886008488843251858,8606172069537939470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2108 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5886008488843251858,8606172069537939470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5886008488843251858,8606172069537939470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5886008488843251858,8606172069537939470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5886008488843251858,8606172069537939470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5886008488843251858,8606172069537939470,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5886008488843251858,8606172069537939470,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5886008488843251858,8606172069537939470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5886008488843251858,8606172069537939470,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5886008488843251858,8606172069537939470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5886008488843251858,8606172069537939470,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5886008488843251858,8606172069537939470,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5380 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
a55ca45b43571c6abfee2fb4eb648275

SHA1
d0d8732a260301964104c871cb7496134e287a9d

SHA256
6d29da6be60199afcae475a5c435c6ce5a4d535d9b8633c326f5ee31883833ce

SHA512
8afb6d6aac37af2c6e76bcb24247e76be68bc49c71636337a0c851efda5159e9bc92d7c4be5a48ffc939a835a460cc3dfd8f5ec99c2bcef30bc3526f0149a447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
524f5bb521cd69bdd1e5647a0e31f6e9

SHA1
90c5a2e71feeae6f426350a145066b026e409a96

SHA256
d2a0bf334b30ed5a921f11f6345eab9171155c8147716f4fd779eda1cc60b7a4

SHA512
e60e61792369b1865ae55502b52d9cac2d82ec865e9208b1bdef821d3a65fac7292b1de729c3ccfde0d5275f18718edfbeeb8ad0a4b7b596c71173ab6e555187

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3cd6118513a2a7cdd4d64d305128b641

SHA1
0629b600a840a44d63dfe737e565e33e9ae5655b

SHA256
6c7aa5c16975494466035e50910f862a427322f2bff4872376a040a9f551f959

SHA512
5a1bd213f2efe858031a1acb8fefa7210a942cbb91ea31eef52f20b108e055dd7ac11211b3da5867978c4ccb1e088767f3fefa69712706141f298ddef806e31c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
304B

MD5
56b2677b43829b4a9cab645e06eddc49

SHA1
e6f9bb4e33a2e797d3a09aa70ce53dd309448a3c

SHA256
f1304e9df3dc06c32f6feaf6ebbb959928ec0b97b576a34f6851d208692eb322

SHA512
2c4d36718586f87dc84fec19314720b5285ffd613cd825e7ce7f48d5c6ae1f28c35e16f9d5436e4d06ef38921ed23dcb5d588fc176d2bf211326b8e4b917e691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bbf0065104ed0595015c920ebbbdd806

SHA1
e20318647fe72499a9014ecd5941346d77675d53

SHA256
48fa41c5c65a6f90df786320a47f95db5811a2cffabb6f4d51b34ca796746bd7

SHA512
3bf0c0f1d1c86159efdbcd620c3a36090d9178af30720223ba90caf4b135fea046c337be0193ba3eb3842b7cd560ca7bae2e937ceeac4b82cbb5eeb9d66dbb21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
888f3f9439847feeb518ad46447b4ef5

SHA1
5dc51468bc7a30fdd5890c5a30a2f16cb4bd610c

SHA256
fb3cca6cce35da8d99c39e3c24719b1df7122c1020696af904ac41980bb8481b

SHA512
c4ac2b65b5091fbb5a71c59a9aa16271fd629c54d6ddb98d2e1f24a7f96163cbd7b2e326d692a30141439bd6c0a2c37e88ddd297f60ef9764cde1a5044dcc561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7e078f57cafbf73a44582f10f881e1c5

SHA1
2cd7dd98e98c3f5a420421aa48c09eef383afacb

SHA256
10eb9f3e551a6c656d0267d6e4729b002bcae182504ddbf019e2628aa4b3ccc7

SHA512
8730b5abef2791a4592420b4bcf078c1461c04975950809ef12baacb58534f5b1fe1b78bd988668257832907c3e7d5aa3cc6db1d36657cea00f6b5cb316dbad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
c3741ea72a1e8d4d4eb4e201c50aa458

SHA1
a68f46614211541a491223afa32d953dd147cfbf

SHA256
fde075d45c87b2f46d9d12a5f38c976c06324a923fed6f94a58a2f9281be0eef

SHA512
3ec0894bc0daa660e3ee42c81ca2a0dfdb818dd737acdb0ca114ee0b5bf72843449bddb56564239a53c2b8c64358875bedf55e4099eb20e50e3606c6632f5d9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58cf42.TMP

Filesize
204B

MD5
94a06dc5ecb185171705f455ff23754d

SHA1
23ae9a9ecf6a4e5271069e4cc3a4ed0ec993f449

SHA256
d5907bc379495f905ff221c9d989a1bfc18943e9ab9cefb329fa58697d1fa99b

SHA512
290fdb46fa99c87599ebe9eed7e31ed3347362aa53b5f7ec1e95dd986f8f02fa009507fc5365142c56cabeb865aa032a6cfa3b252314ca28ef3a4ed045b8f073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f51d4f55e55556bfd03fd22fa59d67f6

SHA1
4cbd2022d6cc0f3a8615fd8ce023db9e5903ce0f

SHA256
e3804c071db474f6087eda2b502b771a2128b50f70621ffb90da488ded136f58

SHA512
e1ba4e425328ddef3623a24fa1bded06999709d0f58091d0b43921ce0372072d3a14840a96fc5b4ee6ce52e57f9a5c117c4c5c0357fed5f145e90ae1b2353729

Download Submit