d97428715a5b07dea7207a8fd084e095b8f2c61c7b1d3dc8179556ac26fa04c1

Analysis

max time kernel
149s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 18:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50ff414cd13ccf335fb58a53cc0eefb3_JaffaCakes118.html
Size

54KB
MD5

50ff414cd13ccf335fb58a53cc0eefb3
SHA1

88f71f38bb2870e7d2de0dff73595c5d52fc660a
SHA256

d97428715a5b07dea7207a8fd084e095b8f2c61c7b1d3dc8179556ac26fa04c1
SHA512

eb4226a52d2d7a7f2168f566af35f7ef33acca37db6724f68f85b4b534dd32cc16ccb3c859ad4fc7b61d038d4f474d6d5d8262bbbbd49ead73ac412527da340c
SSDEEP

768:zVw14wbZDOC2aOKWS+SCyWO6am+wGeA8K58xLacP+Y9CinUYZxA:Jw1rbZM8F8xL+iJPA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3272	msedge.exe
3272	msedge.exe
5084	msedge.exe
5084	msedge.exe
4412	identity_helper.exe
4412	identity_helper.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5084 wrote to memory of 2316	5084	msedge.exe	83
PID 5084 wrote to memory of 2316	5084	msedge.exe	83
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 2772	5084	msedge.exe	84
PID 5084 wrote to memory of 3272	5084	msedge.exe	85
PID 5084 wrote to memory of 3272	5084	msedge.exe	85
PID 5084 wrote to memory of 540	5084	msedge.exe	86
PID 5084 wrote to memory of 540	5084	msedge.exe	86
PID 5084 wrote to memory of 540	5084	msedge.exe	86
PID 5084 wrote to memory of 540	5084	msedge.exe	86
PID 5084 wrote to memory of 540	5084	msedge.exe	86
PID 5084 wrote to memory of 540	5084	msedge.exe	86
PID 5084 wrote to memory of 540	5084	msedge.exe	86
PID 5084 wrote to memory of 540	5084	msedge.exe	86
PID 5084 wrote to memory of 540	5084	msedge.exe	86
PID 5084 wrote to memory of 540	5084	msedge.exe	86
PID 5084 wrote to memory of 540	5084	msedge.exe	86
PID 5084 wrote to memory of 540	5084	msedge.exe	86
PID 5084 wrote to memory of 540	5084	msedge.exe	86
PID 5084 wrote to memory of 540	5084	msedge.exe	86
PID 5084 wrote to memory of 540	5084	msedge.exe	86
PID 5084 wrote to memory of 540	5084	msedge.exe	86
PID 5084 wrote to memory of 540	5084	msedge.exe	86
PID 5084 wrote to memory of 540	5084	msedge.exe	86
PID 5084 wrote to memory of 540	5084	msedge.exe	86
PID 5084 wrote to memory of 540	5084	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\50ff414cd13ccf335fb58a53cc0eefb3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0fa346f8,0x7ffd0fa34708,0x7ffd0fa34718
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,12531245619693994546,5759926270247748294,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,12531245619693994546,5759926270247748294,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,12531245619693994546,5759926270247748294,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12531245619693994546,5759926270247748294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12531245619693994546,5759926270247748294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12531245619693994546,5759926270247748294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2752 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12531245619693994546,5759926270247748294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12531245619693994546,5759926270247748294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12531245619693994546,5759926270247748294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,12531245619693994546,5759926270247748294,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6376 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,12531245619693994546,5759926270247748294,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12531245619693994546,5759926270247748294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12531245619693994546,5759926270247748294,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12531245619693994546,5759926270247748294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12531245619693994546,5759926270247748294,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,12531245619693994546,5759926270247748294,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4928 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\45a71e4c-667b-4394-ae1d-9080bae82076.tmp

Filesize
1KB

MD5
f253db76ba36bd22364b7ed33495b029

SHA1
50706b006c8cc5deae86db9365d5b481ff4284ee

SHA256
dfa2a50ce1bb5cab9f0c32b9b007e89f7fa5ef41627d07ae71e5211ef9fa2c65

SHA512
224e0a323832789034e7bae7fecccb6afc9d88ace7e1e7b5ba826222938e48bfc24d7e01a0df7c50e24b3daa0a26f00056cd164ad7eddb2f1d070ec3eb74ee44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
4d351e132850bcc2e579169248747ce8

SHA1
f95993e83f86776869ffb263c3c2dee84fcbe34c

SHA256
571946dd0ac82fac9bc4473b760d15db272c4ec1b2d9976769817cfa0f702d99

SHA512
99bae606f8de8311521f9dc6943e0c149726042abfb4399074ffd14b8c2e361e4bcb174a19a7afa3794dd17570c80b65e472009c7924af2aff2628c921a89395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
67e1ebb6f4393005b14e569880ce2c6d

SHA1
ffa99bef98a3d609db316ffff021fc55422fc882

SHA256
88420e596ad9cf6145b62b0292baacd5824f07f222d5d9ad093bf40e5223fdca

SHA512
30cff71abbe6059fe115f7caedc9412297076038a882b10344660cf3eac27e02b716dca8a8680e56ff0a81f5cf4afc380ec9a0b891a414ad15824bdc86a4d363

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ca8889bf7389f5c04b98d5336bc8b871

SHA1
0485d055cc13e1439284b78787bfc8c29e39230b

SHA256
4b17161c960e092b3cf3432a3fee5fb4fa69af5ee449ec1a4afae5776ffb0c16

SHA512
b62bf8def834362bdac5834427c6c6e5b7ec98dc29329b8fe3f8979bad880f4b1d1fe75047ac1cf414d8ff5e2332c6e263fcda02daa3d4c421a5ad318b9c2899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3a80c5e5fb2f397a93478c39477cbc25

SHA1
49281106def0f3452e23606b8499a5d7f26fa1ba

SHA256
dbe6aba7034ad1a3092b038c1884873f343b4eac6b47a812973299338c230f98

SHA512
756fdf6bd94b97178ba8743bab3a7985b58b9d0ee403378c0b077f194b97f64675c6b311a7076f14f99a65750db6e28f21b1826177479da39c068899ab0d6a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
05f5f3ea894a6ecfc0eb4565729c678c

SHA1
020806007f171df1b60c9cafa5eed17938ac7e87

SHA256
27013e84978daf8bb5da5e42b77b9be1babfb7b23e3d5229bcd651aeee8096a0

SHA512
2324e2198c2dd1fba7e630229bc06e1d21669edcb1b67b4db9459359cee8b9c5876701dd6ae912b92da83f442057d2e49927de2dd86e46723e190ab45a2160e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
904b69a5b8827f0f6f43caed490f1f57

SHA1
f1f8d184a1830e6b08d31e205db00f3f319cfae4

SHA256
63f91e0c2ffc81a17a90544e2ca78a36253ebcc07ae3757a6daaf30d84054e47

SHA512
2718d797672136d81b220cdc3b9509af6c1251024137bf0d35d5263817badd941b3ba0c934f8c08b784ba34d952702dfaa80b523aa0606891f595d9ed5151697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bc326f7766d91cf5c008acb9fef32162

SHA1
4bd63086218b76a6707b109ace10458ae5a5219f

SHA256
b55c6d37cd2240be16c4a2bb7aaa4a835bdffaf31ad871d8b046d78c422f0aa6

SHA512
678076712340a32d4a61d3157a82de979af97f09595221d09cb8e37079f2bd16cb2d8b7df9ef0d14dc1725ac59bfdcbc39f9e73c9b876f597c924e0ceb3a172f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
57900e3a85965ba7e02df5a7b2769e54

SHA1
a5b3e777790ab83ebcf25101e81801c7d4881d9b

SHA256
018165787bfbdb2ff5756176c848a861e78069ac4f7c9f4944f904ae7bbcc53c

SHA512
4b4b4f1d9dc0b878e0f5e6e0ce6e8e4170366a453f9d384c9db33c605a46723650ab01c99c7979f04db5a51bd4a74268f66407987eabceee9dae4313c7d87cd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
54b9135b40c44c21793b22377aaa2932

SHA1
dfd8aed84c02e4964f0a15c2a748213193fc6b94

SHA256
c5ebbb16095a01dc5532450c24a523aaee92a03593ffb06dd901ad85bdc61988

SHA512
78003a93c2f187c56972b7f5536043eaa4eb4182c2a0b138e92852194902548906bdbc31fec2aae939ef134202f37df470f02ff0620699a0c6dc17acc2525f46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e32dd514e7c832e0cab47c80176ea7c3

SHA1
57e2e2d0a818ce644ccf7ea33178962a427fe965

SHA256
c1c041ade5617a969f4e1f48bc4bdd5d290f241f4de65f298447a0022e287520

SHA512
db6fc470c3ce983b768c23433630ce5c16039174525d79aee61a4c9df43b1eb74016408eab518baba430c0093256dbbeeca363ec7908434dcbce4cd5aa131410

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
305b7216aff11d54b8365014cef593ac

SHA1
21761aebc03353357e53e4a31b6d8a5ea944decb

SHA256
e5ee095c1b1bce5dd113b3f25707ea8b791f0b39288cc0ac362eb9b104ab573e

SHA512
b47f8e16a8873ee723bd82083b16f891b787296bf750a0e7b24cde89eb4e246612e28947ef429224a83cb97f8d86db83f6d7df69dc21eb89d5a7f9b9ef05834d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580d3a.TMP

Filesize
203B

MD5
81f4038349be7296221a62b8ad1c3f06

SHA1
2f34edc63b9258fcae0a6f6ff5c2a6ea5ea4b1d1

SHA256
730f8e15477921d40be2d790343a42cb8f401c6a40c6f2f3d1be576602d7cc99

SHA512
52ebb8a400e7d677cd05fc979c18dbc4efcfeaddbe7a11da12abd54f1b6fa70c4d93c907b801f65c96088add6634e751f50a7ccebce11667d6a216fcf92f8775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ef9c8dba-64eb-4ae1-8439-536177c52f31.tmp

Filesize
1KB

MD5
b766650ddecc40873f8a2e027a08f0a4

SHA1
f177d2db3b79fe09cddfcd1bb63d81e440ac51c9

SHA256
9066c797a701237694e33dcd6a601c262276bde504fd1186ab27ef37056cd2c5

SHA512
df5d34ef9d51889cc36370480fbbde94cac2a1838065778c072a09754c82d8c131ab7071b13408a85da37456870c38cf378927807766dca24c636fe7a1cc262c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f1808acbfe3794e3d59e5099468b29f2

SHA1
d93e369b7cedafff0c75d032ef722e735e03aa23

SHA256
9eba3bd67ae2b72894f6a315bce97c2fe2584fa04e3e53feb0209ec1016568f7

SHA512
64d1fa10974d95e88340002b3d993568e14561efac6d15f4955cf9cae5f5fb90d6003ecb317ae40a80fe9db187546e00e5230732dd32b7640bcbada04dde14cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5f703e941b1b6aa345aec52b3e4c26ee

SHA1
ec74a331f45f09e69a7a29c77302b3bbf07f458d

SHA256
6c3c8ab9112adc78a629d58c4a8dc3748840b90ecc1aae3bd6f6db703b6d96f2

SHA512
9eebe9dfb7d6db40ec49c46ac9d6846ac296407d3ccb896fc336cb9a8622714790da97713f074b84f27b24eff49b6dae19b0009c666054c7f7b69e73e106a2f5

Download Submit