e2d9c3b8b540eb0e2cece465707415291fbe8a522fde6f6f9bd8bdf974930703

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 22:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f8e297be41130cf9bbdee02c015036e4_JaffaCakes118.exe
Size

78KB
MD5

f8e297be41130cf9bbdee02c015036e4
SHA1

510e691aba23b9043400dd2576b503be87a95282
SHA256

e2d9c3b8b540eb0e2cece465707415291fbe8a522fde6f6f9bd8bdf974930703
SHA512

377d3f829667d2bb3e13a344452cbe406e97e6595d7d4f5ef7083922af91d9e0be566e569ffe810da7561a998d6e4f259ea0d85395958a7ca7277f8691867daa
SSDEEP

1536:xCHFo6638dy0MochZDsC8Kl/99Z242UdIAkn3jKZPjoYaoQty9/R1R2:xCHFo53Ln7N041Qqhgy9/E

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
4100	msedge.exe
4100	msedge.exe
1812	identity_helper.exe
1812	identity_helper.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 4100	3012	f8e297be41130cf9bbdee02c015036e4_JaffaCakes118.exe	88
PID 3012 wrote to memory of 4100	3012	f8e297be41130cf9bbdee02c015036e4_JaffaCakes118.exe	88
PID 4100 wrote to memory of 2516	4100	msedge.exe	89
PID 4100 wrote to memory of 2516	4100	msedge.exe	89
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 1128	4100	msedge.exe	90
PID 4100 wrote to memory of 4840	4100	msedge.exe	91
PID 4100 wrote to memory of 4840	4100	msedge.exe	91
PID 4100 wrote to memory of 1768	4100	msedge.exe	92
PID 4100 wrote to memory of 1768	4100	msedge.exe	92
PID 4100 wrote to memory of 1768	4100	msedge.exe	92
PID 4100 wrote to memory of 1768	4100	msedge.exe	92
PID 4100 wrote to memory of 1768	4100	msedge.exe	92
PID 4100 wrote to memory of 1768	4100	msedge.exe	92
PID 4100 wrote to memory of 1768	4100	msedge.exe	92
PID 4100 wrote to memory of 1768	4100	msedge.exe	92
PID 4100 wrote to memory of 1768	4100	msedge.exe	92
PID 4100 wrote to memory of 1768	4100	msedge.exe	92
PID 4100 wrote to memory of 1768	4100	msedge.exe	92
PID 4100 wrote to memory of 1768	4100	msedge.exe	92
PID 4100 wrote to memory of 1768	4100	msedge.exe	92
PID 4100 wrote to memory of 1768	4100	msedge.exe	92
PID 4100 wrote to memory of 1768	4100	msedge.exe	92
PID 4100 wrote to memory of 1768	4100	msedge.exe	92
PID 4100 wrote to memory of 1768	4100	msedge.exe	92
PID 4100 wrote to memory of 1768	4100	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\f8e297be41130cf9bbdee02c015036e4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f8e297be41130cf9bbdee02c015036e4_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=f8e297be41130cf9bbdee02c015036e4_JaffaCakes118.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ffe7d2346f8,0x7ffe7d234708,0x7ffe7d234718
    3⤵
    PID:2516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,2078518034113523690,17468019839302587030,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    3⤵
    PID:1128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,2078518034113523690,17468019839302587030,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,2078518034113523690,17468019839302587030,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
    3⤵
    PID:1768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2078518034113523690,17468019839302587030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
    3⤵
    PID:1932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2078518034113523690,17468019839302587030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    3⤵
    PID:4304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2078518034113523690,17468019839302587030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
    3⤵
    PID:5072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2078518034113523690,17468019839302587030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
    3⤵
    PID:2472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2078518034113523690,17468019839302587030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
    3⤵
    PID:2652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2078518034113523690,17468019839302587030,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
    3⤵
    PID:2876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2078518034113523690,17468019839302587030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
    3⤵
    PID:4884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2078518034113523690,17468019839302587030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
    3⤵
    PID:3128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2078518034113523690,17468019839302587030,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
    3⤵
    PID:2056
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2078518034113523690,17468019839302587030,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
    3⤵
    PID:3312
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2078518034113523690,17468019839302587030,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,2078518034113523690,17468019839302587030,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=f8e297be41130cf9bbdee02c015036e4_JaffaCakes118.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:4416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7d2346f8,0x7ffe7d234708,0x7ffe7d234718
    3⤵
    PID:4468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8c91c8582b0c918416d14bd7eedd686e

SHA1
b2ff8149bc21144fdcec64111afda492965c6621

SHA256
1e839706b748c04adf8efa2790564ca1efd707fdf6451e71af6862e07123717e

SHA512
a93be868d9f08097bff39069378a0bfa0f5c78e74e9e8df820be9b0426cbfe84e03e9638b329b6142279ed140a120c4c4c21857f410fc4789a370445c3919dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2579d07b98bbefadc929d80fb3dbd32a

SHA1
1ceb57c4b81f0f23500e118a4b9a225116a467de

SHA256
b8443c289ad36568a2bf794ac9ec1f259a9dd930c36680dafc8d0cb4de81feb6

SHA512
53522ad5e8e2a272d5b1bff9b9226b7d976d47413891c60d7efebd4365baff12b6891e3f79b20e14892ec7c654ad2d437941014290c428c6b1bd78a7b3e557de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
ce68d0b58ced9c440fa2b7c1c35bb693

SHA1
099c6ee5ea3b05692de58dd0c5fbb39dbef44afb

SHA256
e174df7615fd781036bdcd4c9787b9d8ee2a33ac1ec0e231c1c3c4bc0b5d2d41

SHA512
340c6c1268d75259e53ad8f37b641c582d1c39257de49e6b7cffe8c67d6e12d2bd1537d1fe8aeca2ede58c203aa8c2982e4466a6866d7ad4b4ab660753884570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
843488c636603cf272cf61415fcce743

SHA1
5c786a3a5b1205920925a0d14b1261f6830efe9d

SHA256
1ee7c2a5f26e247a3ed275a58f527098fc14d1995ce5c73ceab818b205ce3849

SHA512
6ee415590c08e20cdc7de3cefd32e7469e6bc22ebc6fdc044276d0fa9c299da216f72bfa3af5133891634856a536dc6b2578933f0114a7252781e56c53204e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c735c7f08eeebc32c3e68aa6046a6c5b

SHA1
a83505e76b07bd94df41c48fbd165c5d70c03d49

SHA256
80bc45e0f5f88ed7ab30567c010912265d84efe46741f469fdb06440e63c619b

SHA512
03953e1f0a75f343d2f4c35967e5d3eb52f20b5760b1f03afc64b11d3f66574e81931f643605c0064f3d4307bbeebe6a707815fc12f46a4e98d75df64ea7d7fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
234a763a060ca5562904867775361621

SHA1
da3a235cad2de28162c1ff2b4ee803fde09da236

SHA256
9efe8aaea095f78733fbf7cdac02dfa4dd04562611a58122d704f19c9a08071b

SHA512
c03b3c0b48cd7fbe00d3632b3dd2979d16ef128a86a7d638bbe683536ba84d9ca1f16a21a3451ab9bed6f0ae6a763b867044cf96b57d89a6160cd1ccddab5ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
80bb25153a02031c06d9eeee850602db

SHA1
fc09c81e01293979fca900ccc1eec7f42037e686

SHA256
2e4b0fa211924f0005b3b8106b0999e4b539b68e40eaca0b4874542a2757588d

SHA512
c59e64b20dafbe7ed13de31fa0bb04f6406c5c5bacde4aa2050bd666d5bd8ec66f0c8bd2685a83e71e91397053724bdf848b96996d8a96988fd7cc5cdb88aa85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e1c5.TMP

Filesize
371B

MD5
c5baec6ec7715fe0fd6d2369140ec373

SHA1
efa496d8c78aef97f4d041e8f05b08ea337a93f0

SHA256
3887e25109eda3f2d4114359e23ba7e7c34d52207c1586ed9028efa0501b84c4

SHA512
dfc29b33886c66e5adc51bcf42b2dfb523f5e23ec7df9700cb609a6cecaab384586fa8cf9d8fd7c27b212e538f7b6741c26262bf76ccea8b4bc0226aac51258d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\af9cb8c0-d861-4118-b952-91b56fa8b585.tmp

Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4769d2629fc4c5e530d7a99bbace62d8

SHA1
1e8dffab96db218c9622c31541c49dbf8d209245

SHA256
2cd6b2c0535965b17357b8bd050400afc2a11c15f4b5918ca10d499963bbfb1b

SHA512
03f9f6a1539b488006a2f6c6683b5ac3e441ddcb044cd7af492cfa109981506a0aaaa983226a214dfec2d21ff2a0eb1fdad9d438807b2204646ceed261a4a51c

Download Submit