3404a992565f456b278d57c12e7c1c7d6b8a3007fbb51c531172d33beaab062a

Analysis

max time kernel
149s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 03:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61ef57db49b8a5dc5a119d8fb4d8c969_JaffaCakes118.html
Size

47KB
MD5

61ef57db49b8a5dc5a119d8fb4d8c969
SHA1

4a0b080a222eaae91c6081bca3e2f39c979cdebe
SHA256

3404a992565f456b278d57c12e7c1c7d6b8a3007fbb51c531172d33beaab062a
SHA512

c85e467bf5e1d58fe7c2e3d0d942acdcb1cc05ea31a7f0f6da4125ca877a32fe5ec33f6a6e81fb1e571c21e0e1979ac70c158ba1e1ba8815bc649e7b88301360
SSDEEP

768:U8gemKSRwTawHNpj7nDDbukbsIKLLeeexjZSddmckTXBjLMII:UtvELZmi9qLeeexjZSd0TXBjTI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4984	msedge.exe
4984	msedge.exe
4712	msedge.exe
4712	msedge.exe
5380	identity_helper.exe
5380	identity_helper.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4712 wrote to memory of 4788	4712	msedge.exe	82
PID 4712 wrote to memory of 4788	4712	msedge.exe	82
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 3648	4712	msedge.exe	83
PID 4712 wrote to memory of 4984	4712	msedge.exe	84
PID 4712 wrote to memory of 4984	4712	msedge.exe	84
PID 4712 wrote to memory of 1384	4712	msedge.exe	85
PID 4712 wrote to memory of 1384	4712	msedge.exe	85
PID 4712 wrote to memory of 1384	4712	msedge.exe	85
PID 4712 wrote to memory of 1384	4712	msedge.exe	85
PID 4712 wrote to memory of 1384	4712	msedge.exe	85
PID 4712 wrote to memory of 1384	4712	msedge.exe	85
PID 4712 wrote to memory of 1384	4712	msedge.exe	85
PID 4712 wrote to memory of 1384	4712	msedge.exe	85
PID 4712 wrote to memory of 1384	4712	msedge.exe	85
PID 4712 wrote to memory of 1384	4712	msedge.exe	85
PID 4712 wrote to memory of 1384	4712	msedge.exe	85
PID 4712 wrote to memory of 1384	4712	msedge.exe	85
PID 4712 wrote to memory of 1384	4712	msedge.exe	85
PID 4712 wrote to memory of 1384	4712	msedge.exe	85
PID 4712 wrote to memory of 1384	4712	msedge.exe	85
PID 4712 wrote to memory of 1384	4712	msedge.exe	85
PID 4712 wrote to memory of 1384	4712	msedge.exe	85
PID 4712 wrote to memory of 1384	4712	msedge.exe	85
PID 4712 wrote to memory of 1384	4712	msedge.exe	85
PID 4712 wrote to memory of 1384	4712	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\61ef57db49b8a5dc5a119d8fb4d8c969_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1ec946f8,0x7ffa1ec94708,0x7ffa1ec94718
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,2222065295597472430,7988082876906433862,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,2222065295597472430,7988082876906433862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,2222065295597472430,7988082876906433862,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2222065295597472430,7988082876906433862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2222065295597472430,7988082876906433862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2222065295597472430,7988082876906433862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,2222065295597472430,7988082876906433862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,2222065295597472430,7988082876906433862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2222065295597472430,7988082876906433862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2222065295597472430,7988082876906433862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2222065295597472430,7988082876906433862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2222065295597472430,7988082876906433862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,2222065295597472430,7988082876906433862,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
91KB

MD5
aa488814b0c4db96fae6a02352f593fc

SHA1
9d1ad86535a6cbd26af58da6d3d14c464bdbeed8

SHA256
c98218918a6a611a7698ac7f83be74a62773bc04bef72c59a69a5d0615fbd284

SHA512
501bde80b8368b2dd11fd149ad6f3d3eb4a4d6e3412165596de1f5aa52588e5132dde281781c24dbdfa75b09d1d3b90beaf6e1ce3cef016a065d0c67dffa0eb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
175KB

MD5
011d0b0f4670971b56f011a6ce02787c

SHA1
051157c5917cf753852a2e373b0cc90d3d19991c

SHA256
58b14b619cea82d1885d7b5f413291175487b930c654138544b72d0dc8fb6385

SHA512
51304914727fc5ac117ff0a38c063529f210f623dfbbfbe8dd72dc68d1547bafef8a6e709dddc993ad9e7d6d0f45ba68a2a71f5000badd301e4d670e278de81f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
238KB

MD5
1c7ae9b67ce24aeb02833b981acc5939

SHA1
68cff91e997604e549d86e81d014e0929217069e

SHA256
4c4ecfe05c74b2948660c125fd30d2e1255aba5fea7995855e1f0ba9f2951d61

SHA512
9d36e2ff5ca64d4be55c6670ae1a72b58a2b96633aaed06111ebf9912ebd6ec5f4996a2d48f7bf565927db03d14cb2bf33241e37ff160a5ab2f5d91fd519427d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
131KB

MD5
14e8e84084ebb5f90f2b2807b68f6466

SHA1
c185d9e624d51b5f90b69f10fbc220d550bbaeba

SHA256
3b32a5e354b4674805209a7199471895df0102ea31fb9502abfa5cabd9775ec6

SHA512
30a8fd651a41dfc6fc0143a1dc8f63d37ce8a62e799cc6f0d13c1b697ddede6868125f184dea42b1fac95eb297f651ce39b9aa22ff437108acf1dfad98485388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
232KB

MD5
d5023c51241b75889de007e834a4cb7e

SHA1
55f4b2a9f70d91b2456444af8d55c77029aaf2e7

SHA256
8cb60bea3bec5e161d41ce44a353793d3eda3b621aa1d926ba6b0d2ddc1fabe9

SHA512
d333fff75eb5d01df13425ab34cf19c9a158b2042655191fb33212f6d7bd9ec686760ce4b57b816d4334ccf55ee60f604585b8a72fd3520c119e4c79774a3b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
188KB

MD5
5515ddb53a5d2f7412fb1d5181034ad8

SHA1
e275ffd941dff6b65204ffcd68517a9e264b5f13

SHA256
a2733132e2953365c777ec37ffb5999d4c7a1cb158f6c79eb2757e3dd9d21905

SHA512
522118853b3fdde0bcec8ae5e6d7ad9ec840cbbeb4282aa0bd5b7d52213dfa28cddf4a85afd17dd5404c0a2457828558215c2422f9b93f2ec169a5059f837e19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
90f3fa39bf8e94c1a8ed29e03e6f5b8b

SHA1
9b2a64a25bd9b169626d23534ac92eca4608fad4

SHA256
5c79ad3a550d3c18f78510c4503f014891ee6eed14294f5917f710e533ed103e

SHA512
c05879c2790a5d5f32a6ea2322aa001e1fc6e859af77b1676481232718628e8c48127fbea52e56c03a99810445be2c502c9e23b0dd311059bfd1123b6e6269cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
463B

MD5
f68ac163b281021aa749b5e37e09901c

SHA1
41dbda1509f50448a624ff375465130db483d586

SHA256
e7b381eb151a4f68ab727470fd4c885619f025b24b4bf3f8cd5eaed87826b770

SHA512
1cc2341f59a08fc5aac1f8aff5ff361e81e7db8b112f86ef38445ec1aa10ddc86a791ec926b31dda6cfb0d2c66e6de49e3592067cae74c447edbc1cdd7b39ab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6cbbabaa5ffe82831c64666397837ad0

SHA1
1568fc939934cd530b0b42d5b866dc13cb38197e

SHA256
853101e1908dbcbfb2a0ebef54c1344c10e2af8d5fd2c2da6e866a7111bf0d47

SHA512
c00993dd69b5aa11f26d4bb149613736d559649261bd707bbd63201b0518250e618389d47aa19578bd1ec19bf2dbb091c700399f240c1f20ead38bccae6b2ba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a27f11ddb2a1c0f6645bde36775b9c5

SHA1
f1da2f57f500ed1bd3fc07e6f4e955150d364a0d

SHA256
5e26dcf23437f349b457f2063448d0ab670d2e258c3898a7f477b451cd53ca5f

SHA512
e3116cfbd6839e5b28d843646695f3e0414ed9c1d17cad4bc6f3cbfd8d8cd1bab017929eba5edfbfa289b9ef8a02fbd56fd26647f791fb92af40542e648d3ca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ddf5de1d4a25732221c5bbe16514f139

SHA1
177477aee8c83bf307eaab7eb4e003c2ccb5bf50

SHA256
1b33feb521ab0a9bcd97ce63e95f076173561216f8d144c28d0e92a1803a22b4

SHA512
446fa35cc03791df5cdd36960bf5f0d95b6d5b6b2b0a173b0e0ec44cdb8c1faa0f4a581c0a59e76cd484668af047f8788cd23983f3ebc22d16661d0601923154

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
98f797bd5ff5ee532a1394e1b26df60e

SHA1
3a1ab3ebb70c493d64690e976c29c2b8243d65c6

SHA256
fd42ac15f7c468dd64042cd2489b84ae299260aa8ddd3d9f12229ec7c6f8c181

SHA512
be28a7332adee48909c6d4ecbed3537f3edc0ea7258962ab7ceb6fb1340062af2f2ade0db3b63b39bd5055c235f02d2a4d8df3b0649eba143ce39384afb3441b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
8f1d1a09718f43cb0662780cfb6883c8

SHA1
2de21661e75caad772273e1a2eece4f7b508016c

SHA256
322cfb48e49469c130943e66bdd5207484c0f60a9c495d884ad0a10770a51efc

SHA512
7e2d78359db0ed33ac836c5aaf8a1d93fc8456a549f41cb19ab344b9887bba8bcdb822dbeda40259076412ac0dc0cf885d35070db8ff8cd6241206169d190f32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
8146fff7b30f23b3df43018e900f1998

SHA1
99a7beed19828a2bb50cb9feab69330488a8e3fe

SHA256
c5ccdef50a9cc30c2543c3e09217115fab35b5674582997577654a6678cb1873

SHA512
366a64cebadd1e5782d2596bdb6532b06c2aed8fc0b1932d6a5c0293e2d694fbf16e8a7a193e0d05f48c0ff830dceff4ed83662f8cc3896545bcf1ae404cdc8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
e07742fa3eedc0334322caf008b5793d

SHA1
5b983eac52fe0acafe87ba86302e85b91c416801

SHA256
f6800641969d299d924d3d17eef3ac636ebb72470e1332792c1ee1670ad87a2f

SHA512
c6b6d0aa02a2c093f6a3bbaed5e64a823fafbaa0d57b6a17eae80893d9d8ad1498c07072b8456c57253829908cb1bacdb4c4caeb38762dc7fa883abfe6121b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ffcc.TMP

Filesize
203B

MD5
dfecbc059a3c9c220589aa060984c620

SHA1
a82f8b887e569cd96d8c9c9a5adb3f454cb6878b

SHA256
8606bffb3558b224530126f49c3821d24b7a6f1415994f62bb97fb88de4391ba

SHA512
76090dfd4bb9bc6eb879c6e9f04a61caac208887972d0aea8ba70b0898306a346856bd7ee14887f9db04a2421709336c4bd883096ed2f613ae7fc3fa47952a95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
17c5511a383f3326bbee98a4bae2fdfa

SHA1
928fbf6ccc9249becea9bccd08d0d93e56cb4869

SHA256
1d2eb489df599aa60d45729ccd0c18d31f2d454b07fbfb903f0da47f918c3351

SHA512
592a25bf5da2a8dcf766b4c794ca79d9b59de2fb6a24261f80f928860ce26d7234a4ebbff4b4a960880b2d5ea360693d8e154a466206eb1678a5f37e14ceb01c

Download Submit