e5e14482756962bd2d4bb8b05f69f197c5bafafd4ed05c140b301941bac0e9e0

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03-06-2024 14:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

921da23d238b8caf88aee327e92e86df_JaffaCakes118.html
Size

306KB
MD5

921da23d238b8caf88aee327e92e86df
SHA1

cf21a49e8a536c54556ab046911e6c724c3f51bd
SHA256

e5e14482756962bd2d4bb8b05f69f197c5bafafd4ed05c140b301941bac0e9e0
SHA512

9c21364828fd04261ea614bde9ef6861deeb28f2f88a47b78c295743ee825e59aa5451c53a2874beba86a53851cd66c2a1e062ee162da1a287e16b53f861e2cf
SSDEEP

1536:Pn+SbTTF9SjTR0NkltM/jVII3IbIre0Klymj6ouIJLnvM6igr4E3E9dE6emBEkr1:v+SbTTF00ItCVI2a4sQTiTC7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
4196	msedge.exe
4196	msedge.exe
4920	identity_helper.exe
4920	identity_helper.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4196 wrote to memory of 4896	4196	msedge.exe	83
PID 4196 wrote to memory of 4896	4196	msedge.exe	83
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 936	4196	msedge.exe	84
PID 4196 wrote to memory of 1568	4196	msedge.exe	85
PID 4196 wrote to memory of 1568	4196	msedge.exe	85
PID 4196 wrote to memory of 1492	4196	msedge.exe	86
PID 4196 wrote to memory of 1492	4196	msedge.exe	86
PID 4196 wrote to memory of 1492	4196	msedge.exe	86
PID 4196 wrote to memory of 1492	4196	msedge.exe	86
PID 4196 wrote to memory of 1492	4196	msedge.exe	86
PID 4196 wrote to memory of 1492	4196	msedge.exe	86
PID 4196 wrote to memory of 1492	4196	msedge.exe	86
PID 4196 wrote to memory of 1492	4196	msedge.exe	86
PID 4196 wrote to memory of 1492	4196	msedge.exe	86
PID 4196 wrote to memory of 1492	4196	msedge.exe	86
PID 4196 wrote to memory of 1492	4196	msedge.exe	86
PID 4196 wrote to memory of 1492	4196	msedge.exe	86
PID 4196 wrote to memory of 1492	4196	msedge.exe	86
PID 4196 wrote to memory of 1492	4196	msedge.exe	86
PID 4196 wrote to memory of 1492	4196	msedge.exe	86
PID 4196 wrote to memory of 1492	4196	msedge.exe	86
PID 4196 wrote to memory of 1492	4196	msedge.exe	86
PID 4196 wrote to memory of 1492	4196	msedge.exe	86
PID 4196 wrote to memory of 1492	4196	msedge.exe	86
PID 4196 wrote to memory of 1492	4196	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\921da23d238b8caf88aee327e92e86df_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa12ce46f8,0x7ffa12ce4708,0x7ffa12ce4718
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3019881007768767657,17694438856843306472,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,3019881007768767657,17694438856843306472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,3019881007768767657,17694438856843306472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3019881007768767657,17694438856843306472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3019881007768767657,17694438856843306472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3019881007768767657,17694438856843306472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3019881007768767657,17694438856843306472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3019881007768767657,17694438856843306472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3019881007768767657,17694438856843306472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3019881007768767657,17694438856843306472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3019881007768767657,17694438856843306472,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3019881007768767657,17694438856843306472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3019881007768767657,17694438856843306472,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3019881007768767657,17694438856843306472,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6128 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
02c379afb65e7802c58872a977974214

SHA1
4ece27cfe355e17c52eb9113890cb33b63e8c608

SHA256
9065940a9e9cdb5d17675ec56323fbd58cc775c16c412dc9b53acee72d47d064

SHA512
5429d1bfdfc495440d03b1a055554c9e32811cf76c7dfdc2d4b3ebd7b2bb8ec5e9d0057f35a923b8546d89e9decd29577146e407dc4cd3fb9ee18be0f522ea52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
3e32e39fc3de42539b88ebbc8ba5d806

SHA1
3611d14bb3a0543bbc3d45d464000a58f67d162a

SHA256
6c5323e07166a75cf5a01eabf297259f0970c0fa4f32ffdfbe3561b3dc40e244

SHA512
724ed3d3267ef853b38b4d66a2c32dafa193e1287e5716f6a1f9cdb313534a76fa180a9f0584115373f7743da49b67f9ed052a9e758bf8ad097cd91827e07921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
be47079baff6b779f7d8fc9b336986f7

SHA1
41865b6712f1ae0978f9e8971cf8eab83d9bd538

SHA256
59800fb053d16e828a9a61f02ce99145c3888637da8bb2b4235eceaa367dab27

SHA512
154f7d0b96738d728a8b681d4c2b693453aa2daf802c92110e972fb682e3ebcd280d0703513c20c65bf6258f0090c5839e01d0a90e16449c322259450f08d875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d0e9466e122d40734ec8d3a0e6a39e27

SHA1
217a7f7078c3b9f4e7993b0038c59b6af1920212

SHA256
7e69a0d21061fbfaebe39218a1d7564bbd577eb89e5686f60f350b08c671f610

SHA512
dc63cc56170646a0c2c194026c9e4f17f2c6e5ef747a6b0d073bf10a5eef8dad7fb57f1590c6c130514d8bdd9bf37ca2050f689788a3cdbb505f5d17cc4ca025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b7c49d3dda3e9f4bb9e88ee4ce88314

SHA1
5fa8b51c5351a702fbf8958447c0b5422d2d79b6

SHA256
d04cd3a8760cc03d74cdb78f9630764a93c2db84d5952514485e9545304b9e95

SHA512
2907e4a700a755bc3b3a913c5deea359bbb451dc67e7bcc026b89ca4f650f6b5fe0bbc021b2ffe0ea034a6bef04b81675bfda1ecc54781fadb98f6d90f1648ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bbe632bd54a37ec5eba4a96dd21a483b

SHA1
46c6953c6dd035b0f64bbc561c89a1e124f902c5

SHA256
177bbe615ce15ea12e214c67ddf29cb1d07756ab784adeaf1460616ed2eb5c10

SHA512
22800a0e283da35fae515552ed80d944c24e7e36dd3eef51463d9eee74543d508d7745d01738125537da4311eb6705ce84466f0bccc4a9a18e07730b460b6ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c97248574acdbf6b759c4a3a2a85d282

SHA1
bc3a8b11e96d24fa68c804b96d09219b265e8d8c

SHA256
44e4f4404ce935560b35d57075546b08141188f2e1267e3f69e7b64b74110a2e

SHA512
d0f296cbaf8be654a7eb0a52da9383483783008848aaa46da1d6e49015c536d75f8a1afa903064e6ee0e9f17c7106ff3d6bd1c1844773109e09e42bd8126e871

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c41b.TMP

Filesize
201B

MD5
216b8fbdfc269816736f5f831d553628

SHA1
87ea9e8471e793378ce39ba0d50fa44d42f9e60f

SHA256
a83dbe6a3a65cc068759175efb39c5b272d3b419611cc98148d15b24731fda52

SHA512
1c4ca8886f8a169659b70d03eeec61fb9f58695f56ff882a5b713ec26c0ad6ad5b0966175f6d229753d2719cdc7e941c88423967e66649024a42232563b302e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fcad3c4e-9821-450e-8919-8cab6c13fa14.tmp

Filesize
692B

MD5
37434247d9645430ed3493b7e22177a9

SHA1
07dae2ac6671ade3d47d78a8866aa77d238404da

SHA256
c3afe65acb14bf44d65099211b491c2b433dad739de5e49d05e2ebfc1f7d3d50

SHA512
2fc7a260480ff88f3b420e177e7eb2dddd8b645c5512c52b3a5b4aecdfb74d17051a8bc2cd66805547cc51e7b367810aa7b18dece21bc1e957153db97de80e1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
90d1bebb747ce101a67c5e0a129e7157

SHA1
99440c627d4118607d3b621448cc88c19f9cb5b0

SHA256
5b8207edd60b4e86e4d38805b5a6e3463ecf8215546c1bc09d431d91b02e9c98

SHA512
838e741f45097f25233009821c81b96ecae5276f316c2ef87db7c9f09a54721527b872d6e5abf54fd81436bd4731104b694eaca9f32b846491d27db564da6326

Download Submit