5564dd2a5a6ec925aeb973331427399f8fd6700f3c6a095fa2ede84c6cf91831

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 16:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cff00396a56106ed082d9b758ba194d3_JaffaCakes118.html
Size

67KB
MD5

cff00396a56106ed082d9b758ba194d3
SHA1

f4b84d9115e3309812600c88c2ab6ffe9042cdb1
SHA256

5564dd2a5a6ec925aeb973331427399f8fd6700f3c6a095fa2ede84c6cf91831
SHA512

3302de900ee846905043534e3e4393052a584bd03788e56f7daf19e6c9414250429c3a633afbe9da3a0e1a127ccc3f94b6d2abbb3b3fa6baac3a11f6c0065be2
SSDEEP

1536:En2lxXKXJgwDoGoYqcuW+LjAMeLgZaxTL7FXhBG9gxV97+PmdfObkQY1FXl1uqDh:jxXKXJgM5ozlW+LjAMeLgZaxTL7FXhBL

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
40	sites.google.com
23	sites.google.com
32	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4888	msedge.exe
4888	msedge.exe
3664	msedge.exe
3664	msedge.exe
4752	identity_helper.exe
4752	identity_helper.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3664 wrote to memory of 1180	3664	msedge.exe	83
PID 3664 wrote to memory of 1180	3664	msedge.exe	83
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 5076	3664	msedge.exe	84
PID 3664 wrote to memory of 4888	3664	msedge.exe	85
PID 3664 wrote to memory of 4888	3664	msedge.exe	85
PID 3664 wrote to memory of 2052	3664	msedge.exe	86
PID 3664 wrote to memory of 2052	3664	msedge.exe	86
PID 3664 wrote to memory of 2052	3664	msedge.exe	86
PID 3664 wrote to memory of 2052	3664	msedge.exe	86
PID 3664 wrote to memory of 2052	3664	msedge.exe	86
PID 3664 wrote to memory of 2052	3664	msedge.exe	86
PID 3664 wrote to memory of 2052	3664	msedge.exe	86
PID 3664 wrote to memory of 2052	3664	msedge.exe	86
PID 3664 wrote to memory of 2052	3664	msedge.exe	86
PID 3664 wrote to memory of 2052	3664	msedge.exe	86
PID 3664 wrote to memory of 2052	3664	msedge.exe	86
PID 3664 wrote to memory of 2052	3664	msedge.exe	86
PID 3664 wrote to memory of 2052	3664	msedge.exe	86
PID 3664 wrote to memory of 2052	3664	msedge.exe	86
PID 3664 wrote to memory of 2052	3664	msedge.exe	86
PID 3664 wrote to memory of 2052	3664	msedge.exe	86
PID 3664 wrote to memory of 2052	3664	msedge.exe	86
PID 3664 wrote to memory of 2052	3664	msedge.exe	86
PID 3664 wrote to memory of 2052	3664	msedge.exe	86
PID 3664 wrote to memory of 2052	3664	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\cff00396a56106ed082d9b758ba194d3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xdc,0xe0,0xe4,0xd8,0x108,0x7ff9dba846f8,0x7ff9dba84708,0x7ff9dba84718
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,17019214092673163064,7221039845605513268,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,17019214092673163064,7221039845605513268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,17019214092673163064,7221039845605513268,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17019214092673163064,7221039845605513268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17019214092673163064,7221039845605513268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17019214092673163064,7221039845605513268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17019214092673163064,7221039845605513268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17019214092673163064,7221039845605513268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17019214092673163064,7221039845605513268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,17019214092673163064,7221039845605513268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6916 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,17019214092673163064,7221039845605513268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6916 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17019214092673163064,7221039845605513268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17019214092673163064,7221039845605513268,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17019214092673163064,7221039845605513268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17019214092673163064,7221039845605513268,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,17019214092673163064,7221039845605513268,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4732 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
85133e07413422e3f83152032ad10e86

SHA1
bb34e277cef31c0a598235ef591886e7aea84a84

SHA256
a1756ee87da1a8102b83dda425948c9844d7df0fb5cc8f2bafdbf68a80e8c658

SHA512
113cb92b5d84d6c5f702b4c8a51812512d536c7a86e439f93e90376182096ddab830508f029b649af5f1330c3a1ea5f0068c88a608dab7d05c12dad493e2bc79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
4ea62683b45bfa315c2a3a6d6f5574cd

SHA1
b87f8851a949475baa532872f8ae6cc05165b1d9

SHA256
b56e8a12b94eb817093fcfe9f8d650fa72768a4b6a7841724b3f7d86ae70bf24

SHA512
d271889772c4cb2a723f78ed227015085a4b27e780f241cc22bf78d08cb7532b568b0fef963a36354a3c6fb6d4019eb660e1f81ed6b6d075884b3390348d554a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
89e470c4ccbfa2de2290ad7e8eff778d

SHA1
0a6ad1038f749474c6cb5b37d48bf684dc1035a9

SHA256
9ef114f136944696cdae552e5a9b678187a410faa536141a0f7fbce00748c1a9

SHA512
aa0bc715a3eade68276c950c818909897255a07fd914ca34689e0fb4823d6c80ae53b3251a251fcb47d24762c41868c1279e725359d08e8e827a22d88c1ba9e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9504f02d5b645d7668e4724009f6544a

SHA1
ad979d3b2ab220ec56e891997a22c08ab93b2127

SHA256
a4eec62a0861260a1a01752408096d6dc0de753525f1e22912725ac71365079d

SHA512
74706c67deea2c15da7679737ec562588d0f1e08d625376154c72e3da8aa11a4c5f7cbc4b8c620009e5fd2e206273f82b4467119fce4bfec5b760760a87368a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5225109ecce4a2e3b6223c5dafd6fe2c

SHA1
9f4e4f05541f693f58fea0d7259ff64cc6e05384

SHA256
9d8978af6e5c66991742f6f67378bc7c9648c72e03112e29efc729073002ae92

SHA512
545848232dd790840aefceb91a2d416211152cafe45c83bd4d6d0766e272329164922bdd0b49319b49ebebbdcada28ac13d3b6b40290ded62276abac785abe22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
acf264066cf48423dbd72e1b830ad200

SHA1
37dc6fedf316d8c50e22d98f20a44bbff2454617

SHA256
8f44423b9871e5b5cbc3dc39d6593d244771db67c8abe57e82dc8de18661a471

SHA512
fc86282bb57b3378eded4faaea1248cd5d26cdf896b503c9500c4a15ef260c9a804d98f3111185334502bab033327e750d51780eb793aa8fd7e72455f01c87c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e405e78ddc7249e469655d50e88e9c66

SHA1
a7f619d5c90f4d1c34330f67d1049b1f47b1e0b5

SHA256
9aaf9bb22a847b67ea5db2fdf2284dc9aac581c277cea0e1e40b7945d9dc2367

SHA512
7d630a87ea96feb3b41063efaeea6c0803fa85c9573203de01984c123af76b8efc9d8e1835e3b6f04937828de6fd674bc3e7a56a8a2aefbcd806a68d697b594d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a11eb2507567973a92d2f306a1a9c911

SHA1
693ca5ac97fe025912d898c6354fd086e43746cc

SHA256
a7a66b01a795a9c69fcdffae04716df72c4265f02be07475206abee409ca402a

SHA512
72dd781736997a30ae65497f6982db60923159a38eb817c4a85712f671374a9519265ec5e1200d3142637d6b87050acb0b5b26b42714abf99727cf348e9c1690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0e2aa20e8f3a3477f80dcacdc0ff64f2

SHA1
13f7f8e9949bfc13eb83df64d25f848b80d7820f

SHA256
d974a19535e1baeeaa7e84616cf5fe0f9ac07ee9ca9c14427c6ad58db65c7047

SHA512
eeebfe3fee17e2ed558449ce88e6f203fab299b6a396951fa5adb089b32101039baf86a96978281b783743ba7dae96245411978eaee28dd1949cc8ed85141c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
a3c25898047a55a062b8953cd5395937

SHA1
5de40db1fab853e6bd0a418fd9419ed4c691f972

SHA256
d620bbaf6cca2c4979074cfbb4973baf855b18c9da36c83c1e4149934192a56c

SHA512
3366c2289cf644f0f728be1c20923126845d2dfa32ab6affb273f3df41178699f0c19606375bb094e7e8824a26217f161337fb09d1b241fc5dbe423a7d1c5b07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
52e217f2351ae6245b25425afd835412

SHA1
0f318c37c7ee76ab5c347cd22de8978f2f537c1f

SHA256
8c93bb85609c72d77abab6d3231bb04847ed4660ce6cf58494b0ec26ca79c6f9

SHA512
9049e476a9a041ccd9fa030ea512fa58fb404e4057529da79501fa268113a6ad7a37f44720d70a1ecf7220c5f6ef2c979026b44386729ff0c047bf0d78013391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57daa1.TMP

Filesize
203B

MD5
48bec732779e877ea97f6a1f5f506061

SHA1
3716a1e574ace12e1c7f7fd43016a4e2bfe07422

SHA256
1eca79919e0cafb7b2936b4205a6a591958246713baec8d04366f417e82e89d0

SHA512
b355a352214fc3578d0722e11a519615a116741902e8b78c6ebd1ddba182aa2a7878ea33006ec70e2c0c3d4675738c7c1a4917996e2626d8311d65db6827c5e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e8c25b437da9416138b60ee71f03f42a

SHA1
2bdcdf5173c0b0fa49302737415c22d62c8f4b0a

SHA256
7b57437b0c97ee5936c339d342b01a651a5914dc03c60809fb85aae7fe90d95d

SHA512
037467be246db047ec51601187b6a260488638d1298db466f620dd33ec05b399bcb53cf1395f914e6951fb41a2753d3f671be78d1313977e8757ee08e789828c

Download Submit