c051a3213627d117931a0420254f4d77c65b15c7e8d3a2b192e7b68c35f1d2af

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64ba3d7cd6d6d43f3f35f702e5eb6132_JaffaCakes118.html
Size

42KB
MD5

64ba3d7cd6d6d43f3f35f702e5eb6132
SHA1

a861b463b4d29d3ba7be9fd10d079341260e4ede
SHA256

c051a3213627d117931a0420254f4d77c65b15c7e8d3a2b192e7b68c35f1d2af
SHA512

84f3fe8d5341971921f550cf43fa674aeef6c3af265d0df1317c351a6eaaa3a4ec1be1a8e7c5019fb545b9a58ed54bccd730672610af16f518c5bd9fb331e635
SSDEEP

768:ckMf5ZtYoOQOUTjtw0gHQZpQ4FFLVFLF0Fb2rzhcDO47M:ckMf5EcTJTgHQZpQ4FpV9GorzhcDng

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe
3436	msedge.exe
3436	msedge.exe
3308	identity_helper.exe
3308	identity_helper.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3436 wrote to memory of 1468	3436	msedge.exe	82
PID 3436 wrote to memory of 1468	3436	msedge.exe	82
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 2232	3436	msedge.exe	83
PID 3436 wrote to memory of 4972	3436	msedge.exe	84
PID 3436 wrote to memory of 4972	3436	msedge.exe	84
PID 3436 wrote to memory of 3464	3436	msedge.exe	85
PID 3436 wrote to memory of 3464	3436	msedge.exe	85
PID 3436 wrote to memory of 3464	3436	msedge.exe	85
PID 3436 wrote to memory of 3464	3436	msedge.exe	85
PID 3436 wrote to memory of 3464	3436	msedge.exe	85
PID 3436 wrote to memory of 3464	3436	msedge.exe	85
PID 3436 wrote to memory of 3464	3436	msedge.exe	85
PID 3436 wrote to memory of 3464	3436	msedge.exe	85
PID 3436 wrote to memory of 3464	3436	msedge.exe	85
PID 3436 wrote to memory of 3464	3436	msedge.exe	85
PID 3436 wrote to memory of 3464	3436	msedge.exe	85
PID 3436 wrote to memory of 3464	3436	msedge.exe	85
PID 3436 wrote to memory of 3464	3436	msedge.exe	85
PID 3436 wrote to memory of 3464	3436	msedge.exe	85
PID 3436 wrote to memory of 3464	3436	msedge.exe	85
PID 3436 wrote to memory of 3464	3436	msedge.exe	85
PID 3436 wrote to memory of 3464	3436	msedge.exe	85
PID 3436 wrote to memory of 3464	3436	msedge.exe	85
PID 3436 wrote to memory of 3464	3436	msedge.exe	85
PID 3436 wrote to memory of 3464	3436	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\64ba3d7cd6d6d43f3f35f702e5eb6132_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcaaf146f8,0x7ffcaaf14708,0x7ffcaaf14718
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,10274417963563176332,14422452427748640364,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,10274417963563176332,14422452427748640364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,10274417963563176332,14422452427748640364,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10274417963563176332,14422452427748640364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10274417963563176332,14422452427748640364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10274417963563176332,14422452427748640364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10274417963563176332,14422452427748640364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,10274417963563176332,14422452427748640364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,10274417963563176332,14422452427748640364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10274417963563176332,14422452427748640364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10274417963563176332,14422452427748640364,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10274417963563176332,14422452427748640364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10274417963563176332,14422452427748640364,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,10274417963563176332,14422452427748640364,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5636 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
d9383e8401b1bca01e8229643e94c09e

SHA1
6459dff6346ac6592388e3e34691dc663f68cf8d

SHA256
a4d7ea7a492239a5e134cb67f7feb3ab7f84b085405484bc4719b2f421144a35

SHA512
2c3985a5d59db686ea1a93f1a8bc9c47281680c48cdbdef9fd3c7fa8aae967a23305b3346353a80c73b0c065ac7a4172ebd3865a567958f84b1b10ea386d88e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
0c9aab0ab33e634a19187a25b4c213c5

SHA1
d55cbcae62dab1a439a3989239acc2a3a771cd99

SHA256
df61dd11568d573f4e991a5ac21a3e673e7b07248435d08712dd1af96035ba1a

SHA512
17ae8d7a389910fb656012589cb57bbb3cf46610c2e4db6c7fd452cb09359859b437a0c16f93882c85f61506f14a1c35f88d5d3c50f5203e0a70f97e39afc90d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b996602d98b4bd276d4318ba5936db59

SHA1
16bb8ee288d82ab4784ddb1c0b39e74727d8e887

SHA256
f8c5bb202b71f2c09211508083f9683ae0d070175927298811d73f15e7530199

SHA512
45962e7e2b69ab30088b3494d666235f0d2472261f47cc1508907cce3d33f74f78eac44e4e442142510764ac4e88178c567d4717511ac1fb6b31a9109e9134c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e17c324fe997cd52b593a87694dbbcb4

SHA1
3ed474226edb8deb249826488bea39a8e279cb0e

SHA256
9779ed25c3e254b4ecc2c90eab67ef4f8dbae33cee67ed20ba311cf22f3099cc

SHA512
a5fccc6119c37f5a6a2afef501ffff8283b71a64769cea90342bd16c6cf9b0afe5830cee31d70271be0ee2bf0d4a064cde493940972e9c295671ada2cb68acdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
30cb845c0695c099ef7981d6d3032a03

SHA1
e36a30b9509345c895c9d1c1d1a4f8fe811751bc

SHA256
2846fadf84fb28e13aa1b8fe0382bdc06bea0ea9d47d4fa623d1649dc8c8b378

SHA512
e338174bc64d9271879d9bead9d5e010c5a9d02d4c0e22484dacce2930d8636bf710d0cf6d5babf5200f14fb49234410f52b2a6a1c9048bc47fa61689ece74c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6e70644ea2469fded76e23fb7c127bcf

SHA1
e138163a718a1d94e1b18f66ba9543d3e0fa7dd5

SHA256
51a3c12ce9267b3679681221e61bfca440bc24ca928fc9b589cea0316ce2aa3b

SHA512
e5f749ca6d8f299cc7c7e3a3abce8c9ddbe655a8cf067334a23a6cb2a7dc8faf3169f689d91a8d06a1c25964d8cfe339ee2b7c344b47c4157af5643aaac2e72e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1fc271f076bb4aa9e7f7684065252a75

SHA1
3d742479e3575cb012afc007406635bc11391fa9

SHA256
1156a6fd991839c0838b71a3089000e731c80c705d6307e374682a6549261461

SHA512
606fff2398711eea08d91998d58d8077f81b206f03987f294b88f94965b1fcac92494d4b91719b97e5dcf036be3e0c9ae34581a4896bb4930966a88a2e5009ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
218c95232301b43e45236edb5e464f05

SHA1
41dc8c57c53163d9e49f833eed71ab683a6a9aad

SHA256
18a6abe982f85b2085f8be22d973894633ff9b9cb2af9d01a4600681bf161db0

SHA512
e36e703671c05137c6d9bf1b50352aa38ef7547bfd65562857615e64db33ea8c1fd31451c762f479ecc8897c9372578afbe74438cc395596fec9eb9b3a006cc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
0765256ff8374b65133080219d22a7b5

SHA1
48592a8073dc03b4ef8233742f0b3ea5466a71a8

SHA256
7effb236950e6b412f7629dbaa807cfb27fdb8bf32b2ac157fcee7643950ac22

SHA512
86b330b2cccd4c6c33d6371ecc0b8d7da53b6397eb26391245e4e2576d1188ec3f6c2e7d822248771d89235c2e43558f8c0aac64d59859e6d54bd74e9a1b7b7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
38f465900ef058f51beb7c18a6bda8fb

SHA1
756e20800933d3568e4809ed80f5e73107c565f5

SHA256
0c0d7a234c5b90d242219926488627cf7de3120ce9729e84e414ed6d3c4708e8

SHA512
35ba925ac5c0080506e1d4735ce2a904def78e40a186a32ec3f82ef062d723d5696b937956ade367e0d987ec91ca7beb7f38b29d230c8f03b9956fb0daf0e425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581b72.TMP

Filesize
203B

MD5
36e7471bede48a436981a052c6983dbc

SHA1
fe9d3dae267f854a5bd433727c5f98d2e79f0963

SHA256
697bbe5a46b884f583a638a224d9217ebfa33a247f3a921ce0a9eee2b47c9fe9

SHA512
702b93de881233b73e41af5ad9434c221dbfeee44f3a825350cc6ea3e11c79a42a6f8cee1c37c783a341e91802038003768732a698df442d9e14758890d61647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
633dd100674988546105e2a7802465ae

SHA1
6396be95bbb628cc7efcaed009e598e3804ee539

SHA256
bc896ef0a00e7a096dabc3eeb4d8e27c4da994fe86b2aad42f7613d2d83ee22f

SHA512
888ac17991253fbc818a6850fecec1b65dc2474fc4f5207dc63540eab9ef03f2cb9e412053faa7e67f9326d3d97cf8c941c0ac96750af043245f4074df394bc3

Download Submit