bbad8c59fe63896e649d9f5d14901dde7107a5696714187ec303e4a051bff932

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 17:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bc9b3aeba29ce74eb49d46061cd01b8d_JaffaCakes118.html
Size

30KB
MD5

bc9b3aeba29ce74eb49d46061cd01b8d
SHA1

7c3caffa68f614c83f529d17ce416351ad0fd29c
SHA256

bbad8c59fe63896e649d9f5d14901dde7107a5696714187ec303e4a051bff932
SHA512

4b7ae250e9fd537e2497e99fd88e476f01a8086a6c29ed1ef4afd7da3007a3f900d9472c57222928d7ca85cbab507274479149f93e8b1a55dfdeaffc6764a47c
SSDEEP

768:C3AD+w13yXSNmryObQjkF4LKT5EXI5sDhx:C3g+GiC4mjs4LKT5EXI63

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4588	msedge.exe
4588	msedge.exe
1728	msedge.exe
1728	msedge.exe
216	identity_helper.exe
216	identity_helper.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 2928	1728	msedge.exe	84
PID 1728 wrote to memory of 2928	1728	msedge.exe	84
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 5108	1728	msedge.exe	85
PID 1728 wrote to memory of 4588	1728	msedge.exe	86
PID 1728 wrote to memory of 4588	1728	msedge.exe	86
PID 1728 wrote to memory of 1716	1728	msedge.exe	87
PID 1728 wrote to memory of 1716	1728	msedge.exe	87
PID 1728 wrote to memory of 1716	1728	msedge.exe	87
PID 1728 wrote to memory of 1716	1728	msedge.exe	87
PID 1728 wrote to memory of 1716	1728	msedge.exe	87
PID 1728 wrote to memory of 1716	1728	msedge.exe	87
PID 1728 wrote to memory of 1716	1728	msedge.exe	87
PID 1728 wrote to memory of 1716	1728	msedge.exe	87
PID 1728 wrote to memory of 1716	1728	msedge.exe	87
PID 1728 wrote to memory of 1716	1728	msedge.exe	87
PID 1728 wrote to memory of 1716	1728	msedge.exe	87
PID 1728 wrote to memory of 1716	1728	msedge.exe	87
PID 1728 wrote to memory of 1716	1728	msedge.exe	87
PID 1728 wrote to memory of 1716	1728	msedge.exe	87
PID 1728 wrote to memory of 1716	1728	msedge.exe	87
PID 1728 wrote to memory of 1716	1728	msedge.exe	87
PID 1728 wrote to memory of 1716	1728	msedge.exe	87
PID 1728 wrote to memory of 1716	1728	msedge.exe	87
PID 1728 wrote to memory of 1716	1728	msedge.exe	87
PID 1728 wrote to memory of 1716	1728	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bc9b3aeba29ce74eb49d46061cd01b8d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e39c46f8,0x7ff9e39c4708,0x7ff9e39c4718
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3815188996518699604,4703271204603646014,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,3815188996518699604,4703271204603646014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,3815188996518699604,4703271204603646014,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3815188996518699604,4703271204603646014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3815188996518699604,4703271204603646014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3815188996518699604,4703271204603646014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3815188996518699604,4703271204603646014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3815188996518699604,4703271204603646014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3815188996518699604,4703271204603646014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3815188996518699604,4703271204603646014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6284 /prefetch:8
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3815188996518699604,4703271204603646014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3815188996518699604,4703271204603646014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3815188996518699604,4703271204603646014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2612 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3815188996518699604,4703271204603646014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3815188996518699604,4703271204603646014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3815188996518699604,4703271204603646014,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5172 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
cfd2cec2ff3490dc734925d9cd0ec39e

SHA1
18e8717aba5eff41f637ad36b6a046173461d52e

SHA256
883424f167f58c3e8739065c4f3ed6cf76fe15e4d30fac0137b9c4da4ae1d4f1

SHA512
0dc5b4835ca3b0d06805d7a491635218e16aa7292f9537b2c74c49e05e485c61d7520e6697f3a7aaf875db6530693fe6af71c64a1a10a24bcc615494efb62a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
2db38c10bb595be498ae799700e028a8

SHA1
a744c5412925e973798777ed87c034e9721d558b

SHA256
e9e5c785dfe7653e008cbcef316b1cd62880e2431d79c8587e7af7a8d30fb20a

SHA512
97b1cb6ad365766a584bda4eb5fd69df6b9a6e395c96ce46d204f3462bc411c0ddbe590ab35e729e279df82c11109d14c1d27b763a044e83d511e37f558a22f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9e1d8ba774faa745c9b8745255df03f6

SHA1
165d3c808950d90d20c1251b3666c70364d91268

SHA256
685c3811538f75fb4dd9c9bdb2c3be4da63413ef6ea5bbf41a40b666254e039f

SHA512
3d156ac1945904ec99aea515c0dc08051bcdc58594839d630e6c6cf63bc1952288305c57693373864e78aa21d64a97c78c56b9e3f584be86f704dda850b0de0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
cc1377d017d91824857cf478fc6b1d7a

SHA1
fdee089812f6cd6e22feee846ffd694bf44a8c6f

SHA256
141ccad7647d5084aab13c22a07be184415f12ace5b837f1309877407ffc0844

SHA512
1341069cb2d35be21719cb29f844314c6b522bee31f3961dad4a14cbeb6d06b5ece04ab11c67d13d16d1bb62caec6e5afb0dd58963ca2f5e1510cef3df0ae4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4f0b1e139390e78180db69a7e8673d17

SHA1
d65246d38f2d9169141c1775df74f5b79ce59c6b

SHA256
138d314c8486074974e998dc7b81561a68bbfffa55584be810cad1d518ac9871

SHA512
a40762406098079fd2a4921107986117eaf47f69bc3dbf270fbd0abed3e66ad95551ef5d3d1d4db26303638e2cc9626068fe54ebaca4de9f3dfb0257c3b49db1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
116d2884bf61ef6438746de1fddd81b8

SHA1
d9faf330db27b8aad08b52dec61bb472aacaf2b6

SHA256
55bbf9a6555d94835311ff26dffbb63c1ed1626ae87a580f40a1ba90ee697ccb

SHA512
e948963a50f53f38c7703a7b2feceb007a98042655e733b096b41771bf59bbcb4c72e8d691ab27330f16c4c460f71744b986f73a35edd886662ca3caa01a43ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
05e87954422ffac887a5362425ee1486

SHA1
00c527c8ca1c23146e44edd571d49369d752ace8

SHA256
fa2076f6f4d741c5ce73bb7049b7c91ed99231e12afce088adf2124955e49a63

SHA512
762c6ccde88c5e08be328e6fa62bb44e9cbad2db7874a893da47958ce0b2f3d167d5a324e35a47decc618e1ee100d687db231b4bbcc8e861ddeafe5d58ddb8ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
152e2c23c185c01dbf00cc36ca044761

SHA1
9f9b154b018acea5926cfe6b59f6a1c8166047f0

SHA256
acfa29aa0d97469ad0a998e972765940fe499fd0606c0af6c5df8da269516443

SHA512
7109de0e0f5f56190f39ffbe8e104eba40f61d3f061a882eb69d3a35dde45c0f35db80143ebb6e3bd34d5305c3cc0376919218cd847efc607dd787dfa6a44401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
638d1016ef6a24463919014424aa16d0

SHA1
bd76cfd04a0e29572fa6b4f0a90d66fa64c78f8f

SHA256
37b80457f46f80f57dc9898562f51adc910c9f5d89bec962c56749c2ade61206

SHA512
e237b071aedc73bff7f54342f242de2eef64a7c4f2f432934c469e1683159ef700607a6ca340b5636136331452793183c7bcc49b8d887215ce3b632e46a618df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
72777cedcddf50a91e30abc775dfe39b

SHA1
4351df35447118cce0e7df21510923df075ece95

SHA256
e28193ab426e7ad43a2960c7f99303cd3a9caf55eaa70659aaf4314d6c3468fe

SHA512
5186d495473c5d4ce08807a029f00d0c9d60ae8df3e074c5db6cb67221fec860020e86b415f5b472cf968e25d239189a64bbf291da0aceb38ce03895ac98a00c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581dd4.TMP

Filesize
539B

MD5
8922ebfd5e27a07e5036025df2878a51

SHA1
5690523c05f4acf2c1c239536e3ca3cd25b3c78c

SHA256
dc3807b4f8110b73f88da84c0d47d91d802c7d74f9d7b3c34b3c36ba0f664b58

SHA512
1f93be5509fe5742c7b6eaa081fb49a5430338b96295ab2364efd0687a2c12affe681037359a369f4bbd5930ad26404a790a81c708549e5f0b11efe5a124d218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
08329803a465e3391ba265f97f2f4b30

SHA1
ad8a7d29473845f6ded86f5a0af619dd0c99ba8d

SHA256
6e4cbd2315cdb1d1fd20601ad7258faf398c0a73f073dbb5e35ce99c007abe13

SHA512
3cd40cdadae0a4c3ca9c2411c364c7b2bb41082f883890163d04fbcd4f6e73da950a3d597e3be376a08734b6b639676bdd6170f7fcea077f826519ebbb268800

Download Submit