caaaaa77bfb0011908bdbae4e1fb3b3361aa323381d200312b5dad479e4bab25

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 04:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89517c8a5db47550e27b84a756105bac_JaffaCakes118.html
Size

42KB
MD5

89517c8a5db47550e27b84a756105bac
SHA1

1ee71601540b0b56cc1b1c733aab25b75dad2432
SHA256

caaaaa77bfb0011908bdbae4e1fb3b3361aa323381d200312b5dad479e4bab25
SHA512

1264b54d30990a26e88c4dc230750aa91e40d025eb88b037c24b8316c220be88c67961c499ba3295fb82403df240b5a441b5e945e85896ad599a9f8dfafab967
SSDEEP

768:DVnqVVHH505BozcWw9iKptyBBY/PCTTapl11Ro6wFD2SxY83Xjr:pqDHH2B0lwVWTf6wFfjr

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
548	msedge.exe
548	msedge.exe
3720	msedge.exe
3720	msedge.exe
5876	identity_helper.exe
5876	identity_helper.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3720 wrote to memory of 4552	3720	msedge.exe	81
PID 3720 wrote to memory of 4552	3720	msedge.exe	81
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 3616	3720	msedge.exe	82
PID 3720 wrote to memory of 548	3720	msedge.exe	83
PID 3720 wrote to memory of 548	3720	msedge.exe	83
PID 3720 wrote to memory of 4164	3720	msedge.exe	84
PID 3720 wrote to memory of 4164	3720	msedge.exe	84
PID 3720 wrote to memory of 4164	3720	msedge.exe	84
PID 3720 wrote to memory of 4164	3720	msedge.exe	84
PID 3720 wrote to memory of 4164	3720	msedge.exe	84
PID 3720 wrote to memory of 4164	3720	msedge.exe	84
PID 3720 wrote to memory of 4164	3720	msedge.exe	84
PID 3720 wrote to memory of 4164	3720	msedge.exe	84
PID 3720 wrote to memory of 4164	3720	msedge.exe	84
PID 3720 wrote to memory of 4164	3720	msedge.exe	84
PID 3720 wrote to memory of 4164	3720	msedge.exe	84
PID 3720 wrote to memory of 4164	3720	msedge.exe	84
PID 3720 wrote to memory of 4164	3720	msedge.exe	84
PID 3720 wrote to memory of 4164	3720	msedge.exe	84
PID 3720 wrote to memory of 4164	3720	msedge.exe	84
PID 3720 wrote to memory of 4164	3720	msedge.exe	84
PID 3720 wrote to memory of 4164	3720	msedge.exe	84
PID 3720 wrote to memory of 4164	3720	msedge.exe	84
PID 3720 wrote to memory of 4164	3720	msedge.exe	84
PID 3720 wrote to memory of 4164	3720	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\89517c8a5db47550e27b84a756105bac_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff427246f8,0x7fff42724708,0x7fff42724718
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,10739493330028684641,7549431094506895589,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,10739493330028684641,7549431094506895589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,10739493330028684641,7549431094506895589,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10739493330028684641,7549431094506895589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10739493330028684641,7549431094506895589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10739493330028684641,7549431094506895589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10739493330028684641,7549431094506895589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10739493330028684641,7549431094506895589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10739493330028684641,7549431094506895589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10739493330028684641,7549431094506895589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,10739493330028684641,7549431094506895589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,10739493330028684641,7549431094506895589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10739493330028684641,7549431094506895589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10739493330028684641,7549431094506895589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10739493330028684641,7549431094506895589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10739493330028684641,7549431094506895589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,10739493330028684641,7549431094506895589,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6668 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
3646b362fa428e901dd2f46afe3ee24f

SHA1
d75cab53f642ab294e360c3302a3819b39b91c38

SHA256
8750dadb739fd1cc3505df7df011587c4e1f866fcbf45baa09e0a7eb7de9fe0a

SHA512
15e6d28058728be0047b03d58a86395e67a7d661371c5b2590f07eb3ff0cc19ab7e4f910e97d3275eeb1ed333f000b3fe443d6f4c001766579fc7fafdf45084c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
891a426c873fa9acf94d42cbc04c8bba

SHA1
dfc37f458e8c4ce35711e18e1b017a2c4975021d

SHA256
3db4f7324d413c9e4b4a8b12bbfa966f0939d436191e702aa51c050faca15912

SHA512
7e54009caab87e0b1fd54ac25f3f1789a84686fa3d30a6f760ca881c7adec1b7ca843f8abbfdbdfef2eec73d13f8b675aee5ff10c84bee9241e5ec2b029966d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f353f6fe2c2bffe4781f49ef3c1ca4f4

SHA1
03b28ab5f5fbc0702eaab65684db245c67c6ef97

SHA256
3c9c439573ec47551f7a5de85f78aef3c9525ae3ef0e8c15bf2e8b6a106e9057

SHA512
27025bac76fbbd47ab0f97358f450cd13a010fa3b2dcfcfd3affd7a4eb9a38eeaf6b62a0a0a853f3f6d7f7e69acdc54c42d95a74979ae163b52ed2b20741f13a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
35a6a3f334ffd6edd1f806108c04c80a

SHA1
60687c530ac9811cc6f02936957766b29183c1d8

SHA256
c95922eccd76b5f78e2718f9d630416d106d01f38598c965d0ac36e2d56fcf48

SHA512
a9c0db1b757bfedb38a82470179d0da72f79e422da846a958b33866b757cd34df02dadef134c930f67712225e7de47c8d2d7f492fc2c6ed8d8ef5c61f25964a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4c6f021f97a26c4d434679eaf950bd21

SHA1
ea615e5010537817744fad2c946e6ceb29358be1

SHA256
2e737f60c510679a9bb0b93dcb199977698a578737d3f7a506c3c8590214a71d

SHA512
2941ab5557acfb2f025edc4e852fcf1f1e8a75f6ce28c98916a2ec9250703b5b0056588a6ee2aa982cc68e458bb853e24e162e9865014cd7f23aee6135774dad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
123d009171fdfdce23374899971f045d

SHA1
b0951c8302fa396cc43d3d84caace5aa76b63dfb

SHA256
beed78d73f04e472a5d419361c7313ebb6084eeb96b843c703afb8cba3fd75ab

SHA512
e54b12c7dc4ffd6231e563f8a6f97730e75f7a4a790ab23332b9578f82cee45c1efc12c10f36840d9e29523e2833d00b981051d064917f638763f8e090fb67f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578abb.TMP

Filesize
707B

MD5
ac76ba175c7155da8236516e698e8ea3

SHA1
50de996477b5e83db6dfed377e2cdd050f6bb367

SHA256
c7525c2f054f31f4bd3010871c2757ff28e4ff22c1e5814d7d4f9e368d9f1263

SHA512
641909fadce7af0c976c6dc7c268e6fd99192283c442db1556371f4bc622c865d096ac501a6e21160f2d94928ee21983f775314144d401aabaf9c3bbf45fcf53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ca284e6bce81f8ef427507cec56ff424

SHA1
7ad38c1351ee3598af2d385a2b7f8a789f49428c

SHA256
4c95ff41edbf401bb46a32aefa9abea22c05b3637b72097c2d27d52dd9db8f87

SHA512
8f3b6f49660e9767601412c89bb2f3bcdb6ec13d80662ba57e775498b9c1dd8b2b8303fd63d81f0424c9d033c7f9331fe726240bb06252a558ba76626f0fdbe2

Download Submit