bbfe0a32bc99f469d85bfa701983e73dc291036de4086d89c875d31e3c1e2408

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6bdf67c810c37d89a0e0753392f6abdb_JaffaCakes118.html
Size

190KB
MD5

6bdf67c810c37d89a0e0753392f6abdb
SHA1

3cd7cefc46cf5a3ba6f5d5f9a27a3a4fed59482f
SHA256

bbfe0a32bc99f469d85bfa701983e73dc291036de4086d89c875d31e3c1e2408
SHA512

762e9a938939e9af9d18eb87acbc182133b3a31d9b59f892076df61d12cdad320797b463fe92a3084a578a66a87ec2e82d4e08c88a696583f4aaf81d220a6014
SSDEEP

3072:AFSSF3z2UP13G4k5QhLpOatVC6Yy/fNbYaaLStR6xWUu/v66sbsGon4G59t9Vcyx:Ebr3G4k5QhL8atVZfNbYaaLStR6xWUuD

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
4744	msedge.exe
4744	msedge.exe
3220	identity_helper.exe
3220	identity_helper.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4744 wrote to memory of 1212	4744	msedge.exe	83
PID 4744 wrote to memory of 1212	4744	msedge.exe	83
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4296	4744	msedge.exe	84
PID 4744 wrote to memory of 4836	4744	msedge.exe	85
PID 4744 wrote to memory of 4836	4744	msedge.exe	85
PID 4744 wrote to memory of 116	4744	msedge.exe	86
PID 4744 wrote to memory of 116	4744	msedge.exe	86
PID 4744 wrote to memory of 116	4744	msedge.exe	86
PID 4744 wrote to memory of 116	4744	msedge.exe	86
PID 4744 wrote to memory of 116	4744	msedge.exe	86
PID 4744 wrote to memory of 116	4744	msedge.exe	86
PID 4744 wrote to memory of 116	4744	msedge.exe	86
PID 4744 wrote to memory of 116	4744	msedge.exe	86
PID 4744 wrote to memory of 116	4744	msedge.exe	86
PID 4744 wrote to memory of 116	4744	msedge.exe	86
PID 4744 wrote to memory of 116	4744	msedge.exe	86
PID 4744 wrote to memory of 116	4744	msedge.exe	86
PID 4744 wrote to memory of 116	4744	msedge.exe	86
PID 4744 wrote to memory of 116	4744	msedge.exe	86
PID 4744 wrote to memory of 116	4744	msedge.exe	86
PID 4744 wrote to memory of 116	4744	msedge.exe	86
PID 4744 wrote to memory of 116	4744	msedge.exe	86
PID 4744 wrote to memory of 116	4744	msedge.exe	86
PID 4744 wrote to memory of 116	4744	msedge.exe	86
PID 4744 wrote to memory of 116	4744	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6bdf67c810c37d89a0e0753392f6abdb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9428a46f8,0x7ff9428a4708,0x7ff9428a4718
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8854115332363501294,1227025848103065352,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,8854115332363501294,1227025848103065352,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,8854115332363501294,1227025848103065352,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8854115332363501294,1227025848103065352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8854115332363501294,1227025848103065352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8854115332363501294,1227025848103065352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8854115332363501294,1227025848103065352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8854115332363501294,1227025848103065352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,8854115332363501294,1227025848103065352,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1308 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,8854115332363501294,1227025848103065352,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1308 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8854115332363501294,1227025848103065352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8854115332363501294,1227025848103065352,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8854115332363501294,1227025848103065352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8854115332363501294,1227025848103065352,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8854115332363501294,1227025848103065352,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6172 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
ac29fc93b1d88c038ebdd56f0eb6577e

SHA1
c5a5ec9eaa95458485adda37340d83bb7bac71b4

SHA256
3f299cb68199e67476491744da6fb96c06a9008bac37a26a08da051a25dd2eab

SHA512
7ddb09e663e70e3556253ab2018899523bfdeb584279147050d99908fe3b9defb5e70a7547b064476121f4f23a0a4440a556bf77d934ed5adea7ef92af0d48b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
350225a90d1f0838f7123ea829425d40

SHA1
8c5f59411bcdffcec95e163afb3d9d3be26c3175

SHA256
31dbe32ecb7111a3728c5023e67314f19bc18fd18f062958f26bd58b1979ef3d

SHA512
a9adf1be6bc81c3f0f21e2e93b7986168a43a0b4519b66296cf2b1dbc74d10faecd432df00a26ca44853a7d9aac9008bde2d1c86fb9ab959ef9adf6cf58e4114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d4e3869ea5ae8b1ebedd651494b0dfff

SHA1
9fdb09114e7a6244bb0d56ffd85b73c611e6d13a

SHA256
956d74c8a66f984f1a3cd88d77097de3f3494de115240cad83c441a4003b3bf2

SHA512
71761997e5c31b7ac37cc9c4355c0fa21dff49d7b67e8eb5aec1af369fc48b72a8605316e8baa8fea711d86f2beaf368c53ce4920c8ed7a1cd54e75464931e60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e9534f2132b3e0596ebb90c98bb7442c

SHA1
b0ea0098ef78cc62e861d06f799898f23ccca77c

SHA256
02e7bc2471732eb763fc539782d5535fad0dc64645246e1a60d5bf4fcdd89e60

SHA512
be9dc82d48b217a37931a7252c48ed7da91c90ec4bbd3219d3dc67c949d065b4ee01c7ffea08f84a8436b7cacd2fc530ade0047ad916b95807a0e9967d83b839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e4794ec583117a7775084037c37ef179

SHA1
ca2e576dcd45b9c42f8b3a788a22557fcccdaf03

SHA256
e0ea8147c6eedb3a88ba8bd8e646249460742d043038e66550f1c27c8a5d3fbe

SHA512
def385d26fc02c55a84e74c978aadbb822ecb734ff679fc926256d7a9a0bd7f1d87191925eff308d3b2e34ba9822f00993dee6c30cafdf1e88cc7cbee78092d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e39ed4429aa83a7ac4534528ee531fe1

SHA1
8068b54d5544e338620b9ba4fc809cf6eceadfb4

SHA256
f24204369160546a5aed01e6bf8a68507e292ea62e5fecf782ec4b0704a32042

SHA512
7afc00bdfdd7c3249f3ba4d655bc3c074a7cf2dc0f376229e937595e4a64389f628a2e1d6edd598b6d65c02ce9c9f10fe55f1d76039491ea003adb60a464226a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aba07a34a27929a5787f51422d82589e

SHA1
99eb64d901bca808a2df67152be1d68b3ee01467

SHA256
33a40ca20f4c934ca0d5c0fce04e6b8fc904bb4c1ab38063ac632addb73daf73

SHA512
8b1752bc8ad8fec1e6b1e13f811e2317d254772f5de36df66f0eb58ea8cc97a31e92c1dfcf06112f8dfa70fda83ffa50adf58f8036b5ac7ebe9c1a1e995d0fe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
0d1582c8a64631140e3c831687278301

SHA1
162bdc5d9db8f9a3311a8dfc98c2f53173f17b65

SHA256
b58a16c7f5b853025bbda19dc9459ec31a9fdf3eef133c76555674003cf3485a

SHA512
7f16a1d1cbb0118b6edbb56e5c2e3625d879dc70912c77f1c8b17f0f4ed93b3c26b838b399fb0fde9f3a3949ee861d2ed714cd986cf9942277b8860a6299f8a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
a55979f414bfa33289cb1c4eef05daf4

SHA1
8f6627c0e5e759fccddc2b10ec34cf36a46914ae

SHA256
fd585d3e2a2b02c3c5273d357e508d26957a6d19ca5d52d415ac0e428a112766

SHA512
5e16b66ba0928f0fdd7df76efe9a5bf4e6f6fb2a85728899e2d18f6095fc15bf4669cd798b6c93b5ffa8805f33870eefb27c319b119929c53da87787aad69b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c1186197-835d-488f-9f70-b2549e64a4b9.tmp

Filesize
5KB

MD5
19c1e245e35688b2c2a63eb268e8c67c

SHA1
2af73fecd3721dac0f4d8733d75c297e6feb495a

SHA256
0af38401e7e9df9a2a6ff62199f8e68ee0601c2213a68c6d81f847790fa9d825

SHA512
8a74b99abca7b619d145b8c28bed96269dd03fc0519b455d6c907ccb14c7c9103ecb8f02b10aed942343d00572eead4cfd7b7d522d658f50b4010d5a1e2316e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3c28875c91da0addda2ca7e8aa312e80

SHA1
7d379bc11023a9d40733cb6e9fe49acc6716cb7c

SHA256
9d46aed62fa1128f2739aaf494a7c742c27cc618471c53b18f560fbc1bb0c36a

SHA512
a5b9a546f0c88c877cad6bdceaef3a7b8414590363cdaa9e3a50de47d617c94c805bf5b727757a9abc91959cc2c2ce95e9813bfa4c5afad4f2588a549ce0238e

Download Submit