0015052ad70605e0e7e820ed079111076fc4b780a1c9a332d7c2aca8770c29e3

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14-05-2024 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4352717b399ba4c3b989d848882b868c_JaffaCakes118.html
Size

88KB
MD5

4352717b399ba4c3b989d848882b868c
SHA1

cc655311673541f66ded502120ab4d08c8a46200
SHA256

0015052ad70605e0e7e820ed079111076fc4b780a1c9a332d7c2aca8770c29e3
SHA512

19136a3c1faa314c4c9f3a6f3ccdb275ead2cfb4fddb151a6b0984dddd17ea5686e3396b50d328c5319e3425f57970a1e9b135d1a2fabee9ff2c61bbc89fce20
SSDEEP

1536:XWhkclYzhC5O1uOWKO5O2rOcOFmOf+G+QD:XWhkclYH1FCI2ibFtf+G+QD

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4176	msedge.exe
4176	msedge.exe
3180	msedge.exe
3180	msedge.exe
2928	identity_helper.exe
2928	identity_helper.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3180 wrote to memory of 1056	3180	msedge.exe	82
PID 3180 wrote to memory of 1056	3180	msedge.exe	82
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 1972	3180	msedge.exe	83
PID 3180 wrote to memory of 4176	3180	msedge.exe	84
PID 3180 wrote to memory of 4176	3180	msedge.exe	84
PID 3180 wrote to memory of 3324	3180	msedge.exe	85
PID 3180 wrote to memory of 3324	3180	msedge.exe	85
PID 3180 wrote to memory of 3324	3180	msedge.exe	85
PID 3180 wrote to memory of 3324	3180	msedge.exe	85
PID 3180 wrote to memory of 3324	3180	msedge.exe	85
PID 3180 wrote to memory of 3324	3180	msedge.exe	85
PID 3180 wrote to memory of 3324	3180	msedge.exe	85
PID 3180 wrote to memory of 3324	3180	msedge.exe	85
PID 3180 wrote to memory of 3324	3180	msedge.exe	85
PID 3180 wrote to memory of 3324	3180	msedge.exe	85
PID 3180 wrote to memory of 3324	3180	msedge.exe	85
PID 3180 wrote to memory of 3324	3180	msedge.exe	85
PID 3180 wrote to memory of 3324	3180	msedge.exe	85
PID 3180 wrote to memory of 3324	3180	msedge.exe	85
PID 3180 wrote to memory of 3324	3180	msedge.exe	85
PID 3180 wrote to memory of 3324	3180	msedge.exe	85
PID 3180 wrote to memory of 3324	3180	msedge.exe	85
PID 3180 wrote to memory of 3324	3180	msedge.exe	85
PID 3180 wrote to memory of 3324	3180	msedge.exe	85
PID 3180 wrote to memory of 3324	3180	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4352717b399ba4c3b989d848882b868c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb9da146f8,0x7ffb9da14708,0x7ffb9da14718
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,3869781002322425229,2867872235112233408,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,3869781002322425229,2867872235112233408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,3869781002322425229,2867872235112233408,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3869781002322425229,2867872235112233408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3869781002322425229,2867872235112233408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3869781002322425229,2867872235112233408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3869781002322425229,2867872235112233408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,3869781002322425229,2867872235112233408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,3869781002322425229,2867872235112233408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3869781002322425229,2867872235112233408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3869781002322425229,2867872235112233408,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3869781002322425229,2867872235112233408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3869781002322425229,2867872235112233408,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,3869781002322425229,2867872235112233408,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4680 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\881d1891-bf7a-41af-ad2a-71aab3c1223a.tmp

Filesize
11KB

MD5
e9b7888acac04ddf9c78a9d3d947ddf4

SHA1
9a9b93e94d3bf89f8521cf80eab0135edad86e74

SHA256
2a1e8848b38f2bf50d0c2057c64e6ac08a146554d76b78d680566c8f5586cbf2

SHA512
02a600aaf5a1079e8b5fd901920a894707518f704cc287364297e28a2e626be79098731b0ca1ea0441434a11578eda7a38ac3ad31020f1b4c961f18ade00a2ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
64KB

MD5
63e5a0b45632b3dde3694ffcaf0e3f7a

SHA1
923736d0cdc308331d5cfaa0ea159bfedc83d53f

SHA256
889109910477919b3457416e7764bcd0add19fd959848253026125c7c35c43db

SHA512
5b886c4b5122d61f0209ede748aa84445c9388cf38813316c41b3dbd2308216e88394d9a45cfc27113c0cf3bc93b9c37d808f6d3c67888244c176ee095d42259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
61cea3890d24f09f3b850ac41a2f47d9

SHA1
ab774d3dd085a019be424da8b3b7e9049c1af9ea

SHA256
af796a8677c638e8b77d5257bbd3e2f795b94c861a276fa1d19a9ed9e674a0bb

SHA512
c37d60df818d5afd16f9a617b61da01297fd6861eaa4b8eb8671daccdc80bd60c50298d89f114ec9b6acd355b83dc0e049c050551f5b211a42bf03bcf3607aba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
8ce62766d78fedf06740364d2bba5015

SHA1
21e1e8b4c86ffc239639272d22a169d15f1a448a

SHA256
4521754571f462598d50cb10f9d040905c7cbfb862c12601d8c44b5bd3259010

SHA512
c8724c2add90b0f17da024df4d79b653ad795f6a5f2003ab3cac2ee2a87aafcee5e2310cf912599a20a88d5774442ce38a6a1a5d6b02f3a828583736a2dd0bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1dcb716b73391d0fe898836b846d8e2c

SHA1
9f45c75ef053a181aaa2e8f443359c99d5aaff10

SHA256
a3677e43854b0f27b6dad9fae0dc2283efa19c76d1ba1d98933149acf88e59bf

SHA512
bc8c6b891be8df3458eea54a13aecf83d01329c8deeba47aa926a19714ef9dd9320ebfc3f1a4c0a0dd482c2f659c853d44e88f6addcdac8cb2821cb599b5277c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
51509450b6fd4ca1712627ee2624cd98

SHA1
a97cbb304d2e31960bd5f513db58bb188bac0f85

SHA256
f223f4f86e9dcc2cf85f59f6f392ea6abe1550860b80542ddc20d0d14aee2a05

SHA512
58e3ae3f1f83498122d3c5326557f6ff12ae59085f3e6a3b9f0fe166d337ded09035e0a1668170d0494a86bb64ca3283bccfee7a9d3e1b02e7ee7332b1164a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
342505adc3dd3b2c1715bae19c57fb04

SHA1
b1bf386f7070632c6df8eaddebea21e0cefede67

SHA256
f68f14e8de2bcf25d622109c803d64f74b01844b3879c16d1930f3f0c7c96523

SHA512
25fd3c629c06b7ee9453de13a7fdc2aee76f5887259189691793ad3e79e764e27e1fa580f716d1c3be8164d433f5dd8cfbc9e5c585cd50a939690a83ef8a1a4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cec7d7e4b8e9a55c7ad74b1b427482ee

SHA1
d45be6f4075621a2c451870949b34a6901e8db3f

SHA256
d90bd1323ce132999636c2ded79e4541de6a8dde7f29ca0c8ce994af6eeff255

SHA512
01d2db7e96358e389b8a6bf5ffb003148a029b2a08ef3f89c8f1c30fda20b0414e11091e4518d9328f496822c58a67d6aa97503754ac29469a870cb1864480ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
20d8bd1e8fa5b8c7bb28c188b7a501ad

SHA1
1ffcbc5e7c444074e4e9b4738cdb960e148273a4

SHA256
92236c88eb0d1264c71c6ce9a3522779f88df6bd2bebf64167851c6980ca20a9

SHA512
6d0e7e8be4a4d113678b1544a2d2b895cb695a107bca73995bd42a58f0258f227dc24ea4be12ef68dc6a32af21d58a54aa35d8dedb264b31f8506226671f0163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579a9a.TMP

Filesize
203B

MD5
7bb3587e3d2b99f700c3aca353c7e4c7

SHA1
adb4d339c2ff5bde8f7806a4078fe56ae2946f9e

SHA256
44fb5651c323a2dcaed80dca0359817598a0cccc858da6d5cee9fa7b1ab7c6c0

SHA512
a2f62a85fea84cb57d5cdee667700cb2e4397158ac6a90411a96976d74e81832025425f8ef25672121b559a1bb868bf30a101cc4b4aa3724b6e8452cd181fcb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f9d6f63e-59d1-40bf-a443-7b4c5ec5e5c0.tmp

Filesize
203B

MD5
8aa5deb2052cd87b539bc713a4517e8d

SHA1
1c7c78c2e3a58fa6f4af35f30831ddc5f0243a8c

SHA256
188df771e36d13aab7450c0525c38318267dd3ceb72e5960f4c35fe48bfb7d6f

SHA512
66205de6a87cfd3c3d612c9e4215a579471383c388e0b1b5b8f9aff8817f6ff1ef9e17e0fc6978af3b895c6676ef13ac4dee08e492593ba8702a451884e61dd0

Download Submit