8b09b8758324f3b94b63992e08536b060cc4584067c959eba447e4e5c8ce8687

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 19:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47c996a2b2a516c61b952ff1f11779cd_JaffaCakes118.html
Size

204KB
MD5

47c996a2b2a516c61b952ff1f11779cd
SHA1

3360969204bcd30c971f4fc4b8ce45ca20ded9ec
SHA256

8b09b8758324f3b94b63992e08536b060cc4584067c959eba447e4e5c8ce8687
SHA512

5af4cce4fb37105ae6eb7045b3cb48502ccf1b5406bfd9125d04309e0e6280e7ff326d6a3a316fc417f625b07569cc6a0e57161e30fafe7d8143bede9ede23db
SSDEEP

3072:pnb+7zreebDH4OEx77l3hFDLlrr+/Ra1SvUL3KTiFMB7dheI+g2:5eqeehHr+/Ra1GmR

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
13	sites.google.com
33	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4724	msedge.exe
4724	msedge.exe
2640	msedge.exe
2640	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
2384	identity_helper.exe
2384	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2640 wrote to memory of 3388	2640	msedge.exe	82
PID 2640 wrote to memory of 3388	2640	msedge.exe	82
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 1320	2640	msedge.exe	83
PID 2640 wrote to memory of 4724	2640	msedge.exe	84
PID 2640 wrote to memory of 4724	2640	msedge.exe	84
PID 2640 wrote to memory of 3568	2640	msedge.exe	85
PID 2640 wrote to memory of 3568	2640	msedge.exe	85
PID 2640 wrote to memory of 3568	2640	msedge.exe	85
PID 2640 wrote to memory of 3568	2640	msedge.exe	85
PID 2640 wrote to memory of 3568	2640	msedge.exe	85
PID 2640 wrote to memory of 3568	2640	msedge.exe	85
PID 2640 wrote to memory of 3568	2640	msedge.exe	85
PID 2640 wrote to memory of 3568	2640	msedge.exe	85
PID 2640 wrote to memory of 3568	2640	msedge.exe	85
PID 2640 wrote to memory of 3568	2640	msedge.exe	85
PID 2640 wrote to memory of 3568	2640	msedge.exe	85
PID 2640 wrote to memory of 3568	2640	msedge.exe	85
PID 2640 wrote to memory of 3568	2640	msedge.exe	85
PID 2640 wrote to memory of 3568	2640	msedge.exe	85
PID 2640 wrote to memory of 3568	2640	msedge.exe	85
PID 2640 wrote to memory of 3568	2640	msedge.exe	85
PID 2640 wrote to memory of 3568	2640	msedge.exe	85
PID 2640 wrote to memory of 3568	2640	msedge.exe	85
PID 2640 wrote to memory of 3568	2640	msedge.exe	85
PID 2640 wrote to memory of 3568	2640	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\47c996a2b2a516c61b952ff1f11779cd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe542a46f8,0x7ffe542a4708,0x7ffe542a4718
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3367790337166512508,14066886182458247503,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,3367790337166512508,14066886182458247503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,3367790337166512508,14066886182458247503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3367790337166512508,14066886182458247503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3367790337166512508,14066886182458247503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3367790337166512508,14066886182458247503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3367790337166512508,14066886182458247503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3367790337166512508,14066886182458247503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3367790337166512508,14066886182458247503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3367790337166512508,14066886182458247503,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4620 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3367790337166512508,14066886182458247503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3367790337166512508,14066886182458247503,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,3367790337166512508,14066886182458247503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,3367790337166512508,14066886182458247503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3367790337166512508,14066886182458247503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3367790337166512508,14066886182458247503,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2804 /prefetch:1
  2⤵
  PID:1368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
2de5eaf8f0dfc4f564fcb076c25ad7db

SHA1
30f7fde35a002695d0534e810bd13677fa87ab52

SHA256
705454af64a1a08e803fcc7993d2ccc9a3c4d2812ed738eb13621f9d5f24ade1

SHA512
3f0f698f6e4edf36ee46a3c34cbcecd4575dab06fe480fbdfe28e9a33ee2abe8a18906c24029091e0a9a9de19b16da9468a3556355756a9c5cf5657228fe2886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
1a249d59e175fb728206d434ed8dcb37

SHA1
77e25b130a080c3eaff37d157d2af0e10b8f3de1

SHA256
050e485e366f63a121a4a00a138af6718548bb7472477ce63eb6738c2683a43f

SHA512
36ef44c6eca907124b13ad3d2d5e7349219ec6c085f052ece5b4afa86d32b7b62dc043e5ea725af69a2b76682d13eb775d0382829b95cad91d39257f7a356ed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e45d678b4e55e45e91d72eb708d877a1

SHA1
e104f98c8b1c63c6e42e98458536add4461954a8

SHA256
f7c4df4d0d6192cb1e73f49c65420855e6b252ef16a6bf1d33f35e5899298d4e

SHA512
67bdc2728f653830a4a6593ebf1af0d00206878edd98a409834e7218ddbe14c6a5b8697478d1901c108c18a8cadc68f00aef8afe27c9d427d778626f86ce6856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b3ff8f4ccd343418d1433788dbff93b4

SHA1
dee8bcb9d93eff250371152424ab66b040fbe23b

SHA256
6dfb097ceec1499ce995e01c671307f713c21a8fcb4466a970bae3d001f6918e

SHA512
6c65e5487f0f32e4b22b209380d3645930bb93abec817d3e36ddf196d5e14e76db0f4e262b5d7614ec97a65ee0a96b74f16a0e0569b77a55db1bd7e26ae6cc8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c0196e40fb83d8e0b53929e122a7874b

SHA1
027b49e30cae4347a7127d1797dddb7a885bfaf4

SHA256
f895840ff8994dd0decb4767a1406437840a98af12500726a86587d8ac3bbf60

SHA512
9e121fc91c7c3bb5b7582b98536a8ac1299e0df2e325142cbecfef3c5297467509349c933279a1181bc41e3d7f2d25a5381c97bde28b3bfa7cbbe6ff72742a7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
39bb0e15a04c14456c61e89ffa4b3616

SHA1
18d4c6fd75c72d35c03241fb4caa6dcb5d2f6481

SHA256
6b64b2276906facdca1f45858df9be34e6fb369ac6493665c40e20d9ea8bc835

SHA512
38612c0ce3be96c3a55f590c19b374e6f583c245f162898dfff3ef2e9b717a74d7cdf3f670d3c2eb0a820ea5b880a78203e2f4f72e897c8d5e999b43edb5ed5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
970ffad968e8e0f15365f65f7f883b43

SHA1
f1a8132530d3fb4766e1a72e237d654057442b34

SHA256
1b09dac09928cfe0f6aa1ae77ffde02cbb20285ee79a000a145401d337c86802

SHA512
43e8d6b846a5a8e8891262dc0282cdf5c8ec5c4083d28b8f584ca7e7836ef384404e36864fd454e944862b65fea14863367f29be157ac236be300af394bc1ce8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
b231d9d4b76667f055b10e2446cefb35

SHA1
0f56d53e69c43909305af8d896effdbf55e07cca

SHA256
325caff11c5ff4c2110a572e249f890edbb8c25b5c448e6926a88367ff45cd86

SHA512
ce043556d4f14077f5b7c56264dc0812a8c3edd573948a4c3d513606536df974d3eac7e73440b1da5e919d0b42aa41b78b0669301fefa6301bf29beda1626145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
af11fd20c1d722ca6f1311cfd943608d

SHA1
9504297d314dbf7fd103864ed38cd9b578b377d8

SHA256
984c173dddd1510c4508f9ea0e23047cd7e4ebe7cd8618cc19e00cdc4ab39f6b

SHA512
48d6c6e49bbc72bc2e9de8d63af9e4a82e24bb02b892d82feba5c512da9fa582564d3234b37d56b6e03db3643d2e44ab0277e6b44db05d75a50cd0ef42c991aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d784.TMP

Filesize
203B

MD5
9f1e794eaf0d103568e392d30be572f8

SHA1
644bd8e64fda27a8aad58a309a24044529455a98

SHA256
808eaf7a1b2b930c78c11985d2707899ba9ac936c031ac8fab884df265d55e2c

SHA512
e4b1a7465f1a21680e718b9509fa27c6f60f38f9c288cb95d6714f4b82ddf5b23cd588f1b5b593d2fbe3822af724b7b63172106a2b8fbd05f1fdfe123410d9eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8e41623358cacfad4a2e9d298b19b542

SHA1
831d598b254323a7e62f099ce4a0c15216ed7194

SHA256
c6241959a929c97799ef70d5c93136281559253b685a8d843decc1b482c5401b

SHA512
89778bb92931da5aea0150051e59ced7f4e513e28cdb3ad8560bfbf83e0ddc7d07dd03b6e93f307724d7981bf4d84518807fad7448ddee95c2372ae242e4c1db

Download Submit