32051e2d8d2da2c7173414aab148672597b7acf2d7d8c8ffad97417359dc93cb

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2024 17:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b4e7ae539e752df3fb46cdb985b654c_JaffaCakes118.html
Size

78KB
MD5

3b4e7ae539e752df3fb46cdb985b654c
SHA1

d7dd0ca3f358e8df5378f85e2f8e89eac00bf1c0
SHA256

32051e2d8d2da2c7173414aab148672597b7acf2d7d8c8ffad97417359dc93cb
SHA512

6b8176094e89751783d856cb05f4b06d8eeb02709647199b0da7a0849ee740d0d06a9cc6ddba28c429a4c2a0fb3492d0ea827bbfeaea260518dde656dcaf6192
SSDEEP

1536:HPMLaHPcWLFesI0K382R4eNgeXsFqtqmqjqaqRMV4eFThDq0q/qSq9qkhh4eFGFy:TcWLFesgMLe8T6Y9ZD1bwPHk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{003EDEE8-D568-413D-BF00-44BEA34293EA}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4716	msedge.exe
4716	msedge.exe
1580	msedge.exe
1580	msedge.exe
1236	msedge.exe
1236	msedge.exe
3352	identity_helper.exe
3352	identity_helper.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe

Suspicious behavior: LoadsDriver 3 IoCs

pid	Process
660	Process not Found
660	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1580 wrote to memory of 3424	1580	msedge.exe	83
PID 1580 wrote to memory of 3424	1580	msedge.exe	83
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	84
PID 1580 wrote to memory of 4716	1580	msedge.exe	85
PID 1580 wrote to memory of 4716	1580	msedge.exe	85
PID 1580 wrote to memory of 2500	1580	msedge.exe	86
PID 1580 wrote to memory of 2500	1580	msedge.exe	86
PID 1580 wrote to memory of 2500	1580	msedge.exe	86
PID 1580 wrote to memory of 2500	1580	msedge.exe	86
PID 1580 wrote to memory of 2500	1580	msedge.exe	86
PID 1580 wrote to memory of 2500	1580	msedge.exe	86
PID 1580 wrote to memory of 2500	1580	msedge.exe	86
PID 1580 wrote to memory of 2500	1580	msedge.exe	86
PID 1580 wrote to memory of 2500	1580	msedge.exe	86
PID 1580 wrote to memory of 2500	1580	msedge.exe	86
PID 1580 wrote to memory of 2500	1580	msedge.exe	86
PID 1580 wrote to memory of 2500	1580	msedge.exe	86
PID 1580 wrote to memory of 2500	1580	msedge.exe	86
PID 1580 wrote to memory of 2500	1580	msedge.exe	86
PID 1580 wrote to memory of 2500	1580	msedge.exe	86
PID 1580 wrote to memory of 2500	1580	msedge.exe	86
PID 1580 wrote to memory of 2500	1580	msedge.exe	86
PID 1580 wrote to memory of 2500	1580	msedge.exe	86
PID 1580 wrote to memory of 2500	1580	msedge.exe	86
PID 1580 wrote to memory of 2500	1580	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3b4e7ae539e752df3fb46cdb985b654c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f44046f8,0x7ff8f4404708,0x7ff8f4404718
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,9043615252193324665,14548688530701163171,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,9043615252193324665,14548688530701163171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,9043615252193324665,14548688530701163171,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9043615252193324665,14548688530701163171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9043615252193324665,14548688530701163171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9043615252193324665,14548688530701163171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2040,9043615252193324665,14548688530701163171,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2180 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2040,9043615252193324665,14548688530701163171,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,9043615252193324665,14548688530701163171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,9043615252193324665,14548688530701163171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9043615252193324665,14548688530701163171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9043615252193324665,14548688530701163171,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9043615252193324665,14548688530701163171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9043615252193324665,14548688530701163171,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,9043615252193324665,14548688530701163171,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
52f5ff621d7f2fbf1a0af452bff45765

SHA1
053bed9400bc6fa0f073b2e701ecf6bb791c72c4

SHA256
1f2c86bbbe7feb73ba13df82f16d3a7351735d590375b5e45b71a1883d704cfe

SHA512
9e343a8aac964fdab52be0ca2dcfe3a36e14a337c9f852f1ff20badaaedc81962b32df7c5d37e5a9aad4674d954bc83a2e97d32313cbf297ad6e5834d79d3853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a6fb387ed97b98aa7c7e39ccb44e8413

SHA1
fbc96a03a187196677f9b2be69f3e572928fc979

SHA256
e788f4467937639cb9c9fd6596e56d122c0074c10564e10ed12b3d64c87a0e0b

SHA512
3d81cb05f442abb066a525e850ef234365232b5ae654e1d13321fd5e0fe4e636fe7cda352189dd94daaaadc9d566754e99bab46fe2368dfec12a1d6052516be9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1b6f5ac2c5a524f7a72b5503f630f16e

SHA1
c1b84aa23bc326215d2c05e42d13cfb5cfc6c7f5

SHA256
76c63e46207ac055c65304213f803d760e4a1d9e21a26101053d9a359f067c8d

SHA512
cd2510243ea4076b784c11fa78a7e51767421ec2cb00452e5a54c6ed586df1c331201cecc491db3102e3e2ffd3ccd6ef2f2da52c8a6f45c72589ddc4a6aa2d03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
53c83692521d87e42ba9e169f46cdfe7

SHA1
b5fb1702082389833db5e9bfe39433423b7774a6

SHA256
e4e47af8f2e9b35994b580873e578ee9900bbd06fb1759a0382561235712a471

SHA512
a28208b226eec1f48c19c9e0835bb5c85fe37ccd6c690ab69e9739ce33e6ce63c03f95e9c56920ca9ab8d9c98c648a7cb7124b85fee3979ed896b0e9f1da191a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e16811b8cc2e43807eef4f1ac1128ae1

SHA1
3902af3a64d37e839747b34bb949e52b62ce2528

SHA256
1011a7ebf7d4e033fce20f0c1624f61ed9f4f9e45a37caf93ed475d290599b06

SHA512
b19a12ab4110f5d22fc972f2dcd79503d2eb6605fe9c51038916da226ebdbdd84a837e2d498ad2cde6458c98d1363644ebb0d5d792955d66b8e87c4c08a1d91d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f86b37b78f1943de70a6ca273c449d93

SHA1
5031d856104d5f4a99ad44faf8b1f06e0e654ec1

SHA256
1e352329f559cd4ae7e1407b528ac83b3478503cadcb6a4390e49d4dd980b00d

SHA512
58da41b5010eb3fbe481efea735aac9ee271d901cb1050a317226e8b06c04b254386adbd994ce7e04c61f4e0d92aaaaa33feec8826515311e67c266c81ca0d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8c20cd732b82cc33c89251a0790635e5

SHA1
5e54e7bdba6fd98321b910444c1dacd584a6f3f1

SHA256
54e38d0b5347bdb3b24b82b1e63ca55a7e2e2e7d05ff370092ca2d3a8b561fd0

SHA512
a13dcee4a9d6b04abf1980fd5794032a08991359d0e221d352331f12a7953da3eb1fe2d11fc99690a6cd923d5bdecbe33a8e57278ae0e585ff0ba1a359b9a873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a7aa7bc79fa9a5eab48028d693b78ffd

SHA1
07f2e73ebefd32d24d4a2e1ba74fb5e87a2f3730

SHA256
ec44b8d0b97293f393520b3e48b51419e379070f7874fe0d69c95348922cd3e9

SHA512
c9f4268599cf002e7434ce077012fd0abd23274bbce896ca854d6c767bb4b1b8223b7ac8378f361e0adb2cf70af3a7c28cc9a1bb0ea146538c744a128ef7d5fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0bb6474b95a09decff9ee801b6aaea71

SHA1
eb9cfec347923258749a152b78152cb8ba09c3f3

SHA256
fcfc8119c8dd57ba8ba0233b99d25be682c2ba5482b76874e5774bdf9d0f436c

SHA512
be607bc75cc7b6551519ef7f599b9763d324f0b8428bce31fc544ceff39a3ba3ee2bad5ae890c65bd5c56107eb4565d25d75508aa3f275d8eb843b9b8bb0dd82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ad18.TMP

Filesize
1KB

MD5
9341024a0c140ba024bc41706b2ff937

SHA1
0acfde13f973e754284fe6af5e21e853a70858b6

SHA256
9b3c2d032838daf29b67040486334d4a337ea1780c7d19a60ea0954d6f2075ce

SHA512
54eb7d77fadbdb622717762badd16b98e3ebbe2a7d2615ea72904d1bd2602a8646a3c7278c59008338e315bfe6ddfeec10ca60be1df3e007da2de782fef1e0c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
79b38f85c5c4fbaaca266d39c091ac60

SHA1
1f9902749a899d9b6df41de8666bd4eabfa02d1d

SHA256
743ff0c9229bb40680fb58f77771d294468e7fe94de2f014fc24cbac1103acd9

SHA512
cea90b04fb6c2fc91c185174788a0b8750d47f5a75b6b59e8dbf46373df3bf0725abdad5881dcb20a27805398ebc201e27ffe4f8a920f6e5280a442275659a96

Download Submit