3747db6d3ae2485b057b09c51b37d7421112d8ea3002e6dc3ae01259264edb95

Analysis

max time kernel
145s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 03:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97148e8dc141d41fda3b5a8044f2ad80_JaffaCakes118.html
Size

299KB
MD5

97148e8dc141d41fda3b5a8044f2ad80
SHA1

b5442a00a5a7d20f8c91be35ec315ece3391f51d
SHA256

3747db6d3ae2485b057b09c51b37d7421112d8ea3002e6dc3ae01259264edb95
SHA512

2b876fa5935bc59ca5433fc6b4b6a141b88430abd76c7c4c4d0daa5f5325da1dccc732d1cd80dfad1bb2186bcc426f529d91ce866e0dfa1572d31d1837c8de8b
SSDEEP

1536:z1+SbTTFZSjT9xNkltM/jVII3IbIre0k17mR6o2OJLnvGy68BAA3A9dE6Gyd2Ud1:R+SbTTFmxItCVI2/QOQFiTCh

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
696	msedge.exe
696	msedge.exe
2236	msedge.exe
2236	msedge.exe
2956	identity_helper.exe
2956	identity_helper.exe
5736	msedge.exe
5736	msedge.exe
5736	msedge.exe
5736	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2348	2236	msedge.exe	82
PID 2236 wrote to memory of 2348	2236	msedge.exe	82
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 1300	2236	msedge.exe	83
PID 2236 wrote to memory of 696	2236	msedge.exe	84
PID 2236 wrote to memory of 696	2236	msedge.exe	84
PID 2236 wrote to memory of 1524	2236	msedge.exe	85
PID 2236 wrote to memory of 1524	2236	msedge.exe	85
PID 2236 wrote to memory of 1524	2236	msedge.exe	85
PID 2236 wrote to memory of 1524	2236	msedge.exe	85
PID 2236 wrote to memory of 1524	2236	msedge.exe	85
PID 2236 wrote to memory of 1524	2236	msedge.exe	85
PID 2236 wrote to memory of 1524	2236	msedge.exe	85
PID 2236 wrote to memory of 1524	2236	msedge.exe	85
PID 2236 wrote to memory of 1524	2236	msedge.exe	85
PID 2236 wrote to memory of 1524	2236	msedge.exe	85
PID 2236 wrote to memory of 1524	2236	msedge.exe	85
PID 2236 wrote to memory of 1524	2236	msedge.exe	85
PID 2236 wrote to memory of 1524	2236	msedge.exe	85
PID 2236 wrote to memory of 1524	2236	msedge.exe	85
PID 2236 wrote to memory of 1524	2236	msedge.exe	85
PID 2236 wrote to memory of 1524	2236	msedge.exe	85
PID 2236 wrote to memory of 1524	2236	msedge.exe	85
PID 2236 wrote to memory of 1524	2236	msedge.exe	85
PID 2236 wrote to memory of 1524	2236	msedge.exe	85
PID 2236 wrote to memory of 1524	2236	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\97148e8dc141d41fda3b5a8044f2ad80_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb533746f8,0x7ffb53374708,0x7ffb53374718
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,18087219631266969938,4211583549983686236,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,18087219631266969938,4211583549983686236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,18087219631266969938,4211583549983686236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18087219631266969938,4211583549983686236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18087219631266969938,4211583549983686236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18087219631266969938,4211583549983686236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18087219631266969938,4211583549983686236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,18087219631266969938,4211583549983686236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,18087219631266969938,4211583549983686236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18087219631266969938,4211583549983686236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18087219631266969938,4211583549983686236,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18087219631266969938,4211583549983686236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18087219631266969938,4211583549983686236,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,18087219631266969938,4211583549983686236,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
eaa519355562a17bf41295a5dfd7a611

SHA1
8ace743903b46fa4f369a6f7b9729f2c789dec4d

SHA256
4ef408943e01dad52202e2b2c85e70fbc63706f211385aec8f2d334b5227b7ce

SHA512
3b1e970c2fa4925415b6c97d60ee9ed4acf3d73d15b93630033067ef083d29a5fb8d2186e70af1163924bd49ec24a48167bc0e3f8bb6bd2dbc420d7694ce1ac1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
d49179226c0fd5c90c1e93138bb59e0a

SHA1
5a3bca82c1b83fe2d8f6beb023b68365a77aad71

SHA256
e3ed2a65cf96e207b29e8c75b1f7d6a1d62c3910836b9ab15cd7874634332c88

SHA512
f4f9e69ad34727a145b2c133f738f3363e9790109799dada4cde49a756bb8794a32eff3c205218a7bb528358bbed98de2cf196024f67919bdea27f925da1e35c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6a8262ca72185829b2092ee9d3a8a024

SHA1
5b14f7a50f6f6273ee0abddb571aa735c2cbc3d9

SHA256
4c185bf467d7f8e93f2d511b4a012628dd4590b68ff006d30cf0bbdf3dbe74ca

SHA512
50da0ad72a16bd2b7b10ef35d725abe41ccc4b97567afc81090b7b8f510747cfa9432251b7bd7d0e90c710d0c6319e2219b199f954b7a008ba722c26b131262c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
39bbfff2d5f31021e67607f2d668d87f

SHA1
b78f1221d5e7b10fb8a49d8d80746972a56dc125

SHA256
8a1bf93b28390d8ce5dd9670bdf3320138fa08b3e75972523c240e5d61f3ede4

SHA512
26dde8e9a415f40abf8647d729dd78f9124545713126157f6203976b5d9867b07e28be412ceaf72fdb9109d6b8f75045babdd72cd7ddd15990cc9e26adbdc496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6b0c6b370c5f3f9b04859f2bddd18c92

SHA1
afc2ed26f07b897c54b633464af3015215446498

SHA256
603fd0a9e0fdd70fa79100eee30258f665e421c7cd256fb48f90e8245ef12bad

SHA512
2707abd7de9ccdd0d8e65aaaa6ce9b1db7fa6f9ce4fd0c1accce30127486aec91c58c91ebea1ba500b755304286823ab328e896642720f72d5aa386bb31b788c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
58bcdc1dac04ab971cd826620e385d3b

SHA1
e0537547431303aa567d855dad983f89df746f08

SHA256
1ffee3aa53dcd98a9ac7b74241dc07b2c2073d452fdd481255751ccdd65ea3b5

SHA512
41401b379cd4cf5cfad638fc7de2ae7a1a7516e6e4bb14ab69efb6eb5ecaee8b5579be8eae67e23815740dd1caf8e269126c57b53cd7b7c0dd3366853be9199e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2c3a1f5d4a7ef32c6c935385611478cd

SHA1
ff93975d0df0e9969534c90392472651e0afef93

SHA256
5c737f8a5e1e2c5908d844f045c73201fc11c1bcbfef7e2834005a6fb462ff4b

SHA512
979e19ce6dfdec079e7603dabd84488498f4f4f8c91f0367dc3357134ceaa303854774b57fe2f395336389a9edd724703ab72eac8e7cfb1bd081eff563fb52db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
f11573c33bb4a5dc10b8b31368039d1d

SHA1
9ff98c8dcf0b4267225add721d4065072b1b8767

SHA256
0b257563cfbd63ed280ee5e6522d205fc541910470153ef36dec7db0379a4592

SHA512
969f6c70a9d828ee52504408b5ec02843e1addabadc4934c4b7013bc994b7388fdba0154dd159f5475d864dc4aa607b684b3c67f88baf9a26680c3e3d0fa63b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c841.TMP

Filesize
203B

MD5
a4dd58fd6349322f82d0e658c67ae4be

SHA1
f3be7b9871c9a88a147275728fb092d6c1df0b1c

SHA256
6c55f1da8e376dba8a9075840bb578cde7c0e74e6707bb8d1c85d20021a29c3e

SHA512
bb0c4f4673dc5b5922df0834223ad5fdbbc62b5782870a3334e27dc086b25f3e383395abf4bd3273cd5a55b9e9f3d4744989fa28ce7017515c6280e822c032a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4fd0a4f9fd36318579aba7bd962d663a

SHA1
96059f152fcde5f8cff163ad42a629ae21e87dda

SHA256
1c0942250de8969d9a00ee636f2b3d8225a6e1f346478a33b8cd7f8aa6a672c0

SHA512
a95311b5856ffb1c051a27301d160231977fb4c70efc0f8721afddffcb000be798d7cb969c3e7bc78faaf51c6c6f0b6b4a165c796a8535e34f7141f02a9847d0

Download Submit