b2393f09574375727d0aedc9035451d0754c332dae8a755960330ff00c0b29c6

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05-06-2024 19:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9901ee032788bc7f23f45dcce93ac61a_JaffaCakes118.html
Size

79KB
MD5

9901ee032788bc7f23f45dcce93ac61a
SHA1

2a98242dfdf8a27a561fafa57f53f6368c334d1c
SHA256

b2393f09574375727d0aedc9035451d0754c332dae8a755960330ff00c0b29c6
SHA512

2886b578be537f125fe2fc3ed9a69b9868813028c03efc4a7d42f0ca94d513f3369cf91c91165de300c373926283a7c9d054926d7802b68656fb25f664210364
SSDEEP

1536:c3IOao82wwGpbFP6k6H+MMG4F8IF2c+qiIr00Q4wR657Dx:t2wwGpbFik6HOGg8IF2c+qiI40QV657V

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
56	sites.google.com
58	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
2572	msedge.exe
2572	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
2952	identity_helper.exe
2952	identity_helper.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4300 wrote to memory of 2856	4300	msedge.exe	82
PID 4300 wrote to memory of 2856	4300	msedge.exe	82
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 3688	4300	msedge.exe	85
PID 4300 wrote to memory of 2572	4300	msedge.exe	86
PID 4300 wrote to memory of 2572	4300	msedge.exe	86
PID 4300 wrote to memory of 4792	4300	msedge.exe	87
PID 4300 wrote to memory of 4792	4300	msedge.exe	87
PID 4300 wrote to memory of 4792	4300	msedge.exe	87
PID 4300 wrote to memory of 4792	4300	msedge.exe	87
PID 4300 wrote to memory of 4792	4300	msedge.exe	87
PID 4300 wrote to memory of 4792	4300	msedge.exe	87
PID 4300 wrote to memory of 4792	4300	msedge.exe	87
PID 4300 wrote to memory of 4792	4300	msedge.exe	87
PID 4300 wrote to memory of 4792	4300	msedge.exe	87
PID 4300 wrote to memory of 4792	4300	msedge.exe	87
PID 4300 wrote to memory of 4792	4300	msedge.exe	87
PID 4300 wrote to memory of 4792	4300	msedge.exe	87
PID 4300 wrote to memory of 4792	4300	msedge.exe	87
PID 4300 wrote to memory of 4792	4300	msedge.exe	87
PID 4300 wrote to memory of 4792	4300	msedge.exe	87
PID 4300 wrote to memory of 4792	4300	msedge.exe	87
PID 4300 wrote to memory of 4792	4300	msedge.exe	87
PID 4300 wrote to memory of 4792	4300	msedge.exe	87
PID 4300 wrote to memory of 4792	4300	msedge.exe	87
PID 4300 wrote to memory of 4792	4300	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9901ee032788bc7f23f45dcce93ac61a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd8a7946f8,0x7ffd8a794708,0x7ffd8a794718
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,14278047053881243461,2977585477477918108,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,14278047053881243461,2977585477477918108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,14278047053881243461,2977585477477918108,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14278047053881243461,2977585477477918108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14278047053881243461,2977585477477918108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14278047053881243461,2977585477477918108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14278047053881243461,2977585477477918108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14278047053881243461,2977585477477918108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14278047053881243461,2977585477477918108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14278047053881243461,2977585477477918108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,14278047053881243461,2977585477477918108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3132 /prefetch:8
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,14278047053881243461,2977585477477918108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14278047053881243461,2977585477477918108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14278047053881243461,2977585477477918108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14278047053881243461,2977585477477918108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14278047053881243461,2977585477477918108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,14278047053881243461,2977585477477918108,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6672 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
2c9a20d74054f321eab6042863e446a0

SHA1
36d2b38ed89afcd8b8ff866057c92e21ae32665d

SHA256
7dc8ce335a7d1a8ebbc6378ed289a8186da74031381674b6b5e91dadf91569a3

SHA512
b43da959ed1018d6aed42c7f7efd653e226e3ca761f8212c3aad971480252e2e4f6aae321531a2a404758dbc09d5cef335df17b309441e38c9ef0352e6d85a1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
89dd70603711f9d4a2ce4dff6e4cb653

SHA1
83470bf150cd7e0b044b541284724d74fd875f74

SHA256
8aa1b426fda660cdab84b2dbeac8e90e63ba976cda7adde3ca37651c3689aad9

SHA512
85aed62b178e950a41995de6257ab51bee6311a6b5014e59e4de1ba1c4bced21d263db594eb5dd4ef037c831ec180403bdfddf62640115cfab3dc22053da19c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
cd97de8e299d2efe888d286b4de05f16

SHA1
fd7848edfb2736c45fb312499480c68a0a89007d

SHA256
82e2ab9403069732bd4fe189f6f26c3b37c86edabbe23d9b35f2e473bb5055a5

SHA512
283ffb7cccbf57a04bfd81d8e447ed65af573f5d336d16c47e0c5784bab3a59bb5a5483c7b2cadb010d6f4dcef915262ec4f613983f1619f8d7275ebfb1920f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f09c761aa7286a4908b3bfd07817128a

SHA1
5985ceaa52a947e2121ac69c7cfe48a38bd2a992

SHA256
f2444fa8ea46021bbd182267ec87fe4096c256edf026a4152d54d18267804703

SHA512
01db66fdff8ac20f79e7d53a4b02cefc503c6a387ac586d5cc0990ed60738675d5e531c178d875cb043330a57c033e5ac053f4755bc957b12c287e5b2e8ab310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
801b47037da9d3cca250683b968be690

SHA1
75dee075cda0357c70e6fcccef2ebc7e0525d1e2

SHA256
d6d09a8742dd7d32c10ddb1610293619611bcda9f7f9a20a915598f0427827ea

SHA512
530ab7930145530b070e5625547c62c243c3984adf62bc2e2da26fa2966ba20e9e1498cf44a85a7ab7ee2462ebc2c20f0a2e1340b0d4f1c373c088f270d693b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
27df3701abddccb3d57679c581c4a4c9

SHA1
b116b76d100a9a78a55dc312673c0679ca741a07

SHA256
4f7ff32df75e037fb83cc1808947056926b4a2b6d628d43d3a3bd13cce608d61

SHA512
def256c7cf86962960eecf3461d6b55b8a5651386a70c7aeb7312144f14ccf9b810c3786911b123363618541279fbad4bd0e00aad8b3bf7cca209679e35f5c90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
43a50f20eac4a64b3bdd31314a2ddcea

SHA1
25d1c6d7b84df31b0a61e1df996fdb4c1b180112

SHA256
4a3778628fdc49e0ff629ba6058436d589b9a8940c8aad891a8ccf0efab610da

SHA512
7e6ce5ab68f0bfa2822a076343e4b7852c35dd051bb07e6836b186df849db26ce25177bb3cd1ef8d9d0b3d9f3c9391cec3ca30650044c924edb5a5c854bed020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
057a2416d543770d3e564e5b4efbd5b0

SHA1
b41bf44ca2a7a95d8ff306e2efa33b25b67b6824

SHA256
39f303caf25f8c899eab0379d899f00391bd86c852ec3b3660fba577e824fa02

SHA512
7f38efc9cf173a13de075b03be4376a3c364e86652a735b3795ac8868888a715ff11f5ca410b9c244de6328fa9cbe90a22890beb1f5b563925b058ee82cc77c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b5e2.TMP

Filesize
871B

MD5
db236303d20c3b5c9b22b4c51462a732

SHA1
73d17cb3b35fdcb6bad1c0e682ab756b5a05ca2b

SHA256
106e293abd03420a34930ce7677e8a8f40ef5ec1f72580609049ceabb4673242

SHA512
fc944a1cfacf9ffd6f98049d2e0e840b025f4a6adf9a89c5d98f5488f70691e6073d9f83289cc88d54f3d7087df4f5288103e4d470b7c79ae165bb31a5f2ce78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f337885df01fa136a7795b4d14a1a5d5

SHA1
cac3cfaf097e83c8e8d61246cee6f285851c876b

SHA256
c1ffab344b291cb5f1d844d54b831b8ee13c26648a0836532f01586d02ed2e53

SHA512
7f342ed27cd4397d35168c6d556832e02c01b4aaba0e4519748c260366a4e8548d9f666478ec53f9da9882cca731de6c0e58de7c3a6b476872b2a5f1fd6f58cc

Download Submit