09b3b16691d011d05941b1f0182bae4155474f8f77b76fe59a5633fc9836a999

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 18:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0c78f5f55051f247753fac73e0af1cd5_JaffaCakes118.html
Size

43KB
MD5

0c78f5f55051f247753fac73e0af1cd5
SHA1

052a8c7cab5ae45813ff78a6902d0f66907bc857
SHA256

09b3b16691d011d05941b1f0182bae4155474f8f77b76fe59a5633fc9836a999
SHA512

de3437da9ae5ee922c9c8252976becf10774181057c382d0a915d2401cc29629f9ab9593d9c34e8306a372fe31f42455480a9db579345ae42440e03bdf8c0bfd
SSDEEP

768:6dxpljWAUBV2S7XP7pR5W4VdOSjFcAtl3dayzj37PCRM:6dxpl6AGV2SrNR53OKFc67PiM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
864	msedge.exe
864	msedge.exe
4980	msedge.exe
4980	msedge.exe
4708	identity_helper.exe
4708	identity_helper.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 828	864	msedge.exe	83
PID 864 wrote to memory of 828	864	msedge.exe	83
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 1552	864	msedge.exe	84
PID 864 wrote to memory of 4980	864	msedge.exe	85
PID 864 wrote to memory of 4980	864	msedge.exe	85
PID 864 wrote to memory of 1848	864	msedge.exe	86
PID 864 wrote to memory of 1848	864	msedge.exe	86
PID 864 wrote to memory of 1848	864	msedge.exe	86
PID 864 wrote to memory of 1848	864	msedge.exe	86
PID 864 wrote to memory of 1848	864	msedge.exe	86
PID 864 wrote to memory of 1848	864	msedge.exe	86
PID 864 wrote to memory of 1848	864	msedge.exe	86
PID 864 wrote to memory of 1848	864	msedge.exe	86
PID 864 wrote to memory of 1848	864	msedge.exe	86
PID 864 wrote to memory of 1848	864	msedge.exe	86
PID 864 wrote to memory of 1848	864	msedge.exe	86
PID 864 wrote to memory of 1848	864	msedge.exe	86
PID 864 wrote to memory of 1848	864	msedge.exe	86
PID 864 wrote to memory of 1848	864	msedge.exe	86
PID 864 wrote to memory of 1848	864	msedge.exe	86
PID 864 wrote to memory of 1848	864	msedge.exe	86
PID 864 wrote to memory of 1848	864	msedge.exe	86
PID 864 wrote to memory of 1848	864	msedge.exe	86
PID 864 wrote to memory of 1848	864	msedge.exe	86
PID 864 wrote to memory of 1848	864	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0c78f5f55051f247753fac73e0af1cd5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb2cd46f8,0x7ffdb2cd4708,0x7ffdb2cd4718
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6597970003620819329,11542887041755104879,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,6597970003620819329,11542887041755104879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,6597970003620819329,11542887041755104879,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6597970003620819329,11542887041755104879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2852 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6597970003620819329,11542887041755104879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2860 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6597970003620819329,11542887041755104879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6597970003620819329,11542887041755104879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6597970003620819329,11542887041755104879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6597970003620819329,11542887041755104879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6597970003620819329,11542887041755104879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6597970003620819329,11542887041755104879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6597970003620819329,11542887041755104879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6597970003620819329,11542887041755104879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6597970003620819329,11542887041755104879,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5364 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62c02dda2bf22d702a9b3a1c547c5f6a

SHA1
8f42966df96bd2e8c1f6b31b37c9a19beb6394d6

SHA256
cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b

SHA512
a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
850f27f857369bf7fe83c613d2ec35cb

SHA1
7677a061c6fd2a030b44841bfb32da0abc1dbefb

SHA256
a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a

SHA512
7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
aeb1db1abcfc14a1bed9f7b721c7bc8e

SHA1
b9efe87a375f6804eb927d592da9fa254237e3d1

SHA256
c182affedc82347fe7fb09ac8824523ba06b7dee7faf4d20913ab07abb94912f

SHA512
4fbbe2fd4cef284c679ce1e1aa244e8c1b3c137a86a772974a68fe261556f9b6391ff7e6f0700b888fdf5e64ef369c42683984cadd44c95d6469a5a7bdf54b17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
e8426bd49e39ebe90167c146e0f0df91

SHA1
9be3e46a8517f76098ed79ebcad4b3d54b0516d1

SHA256
dec7c09b68e1d77f589949f7b31fe0008757adfef9ded3533a0b41e20e8658a1

SHA512
964376f4ebfb91e16ef7983aad4bc1b1336fab444995f395c598b44c94a131375460490beedce63249e3c72af992e2710cf068d371d0a865e085a47e04afcb97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6f4745832eb22d611096a475734b3ef0

SHA1
236e4764e75d43481fcd7d342be716c1f530a238

SHA256
2f345357604ddb2877932f49b682de4e60da634efaa9360afaea0cd8de33f5d3

SHA512
a0f50ac813aaa769fe16e0a06e352c48ae61b6709f13126270986cdc0a650fdcf3e99af3ae06030efaf31d069b7ce232a8caee365380aca2e8b2fbeedf1c5252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4eada1006a475c8f6353828a99895be7

SHA1
dcbadaca5ece81b3532f80ed791e6d63ef49ff76

SHA256
49e5d225914d987a9606b591581337834d0918a7a859b4edc7651c2124f109c4

SHA512
d87b74331239a3de37b9d750301911b5204b2d95b6f832b49c31e12d1b1abb5d36643f51b95b0c4d007c04607891704f8118fb0fe7965735a57b5bed8c33976a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c44ab9db5e79a6442d7c00cf700a3d88

SHA1
7ba24edb66908226ed4119cdd4f4487719390e76

SHA256
65f91a1630ea752eea5dab2dde663788a45de3b0fe714a31f38680fd19305562

SHA512
d29c1c3facf7e7553187106106c69a4de27a8c30267191141359b1da0981b42681b23bea4e86075f575d75859e1831e6f76c1c7a2fd3467b0b8991f2db099180

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0e695e43e0ad3ef24c0a0304a048dff5

SHA1
d9d7c98a5cfb3f43f50cd9b218d64b0f0cad7844

SHA256
199faa53345e7312d5039cb5f9a0b08eab9108ebdeacd6eb52fc967f0bdbcb06

SHA512
7ae0c6ef26f49f8cc814a102654d268304009dec8035b21496916caabde0c72b5145ca6f4b652968f0794602158d596f16ac3399f4a7f210d74f2cc2c37a0400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa852ab2d010dea76a6abaaf3155a14d

SHA1
47b1dbe7bc6063a4473199eb6ca211b9d6d87c7e

SHA256
6c83d735af893269b85ee02007ea2c4da8286a0280596e137850b77c946786e0

SHA512
07df466e34ce82430d364761a67658b57b904376be795f3c5d937ee6d2fdafd503d46574f0d033241de1f464ee989cced3ffe1b40064ac4b04a6a96511dc2a48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4a09c392f6dec486da4f0e238d7539ce

SHA1
df0e402b1594a5a4ccf4c8f6665b3d8d0514f317

SHA256
6b6ff88b7338f6765dbda81ab823055b8a3344623d6833201c972bb805120e53

SHA512
90dd43fe168d974385b8cbf53d2a05574c710be5ce84a23a319c6e63c9fd0b4d7a75925961a69c281beefb27d55dc3b4e3f028bbc995973ffab0be1bd3ba4f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
bfbcc6da2d2b6928fb1a4f5b92f1f73c

SHA1
e12bcb6db48f9f5fdb7df6a1aff29cc6c71fa3b9

SHA256
a61052be7f3b0a1152f701a6b9f05c114203a1fcc43a3e5f2ec91a2ebefe6f44

SHA512
0892314fa8b4650d36ec7e55431de57fe1a2f4e82f28cedf1ea0184a316aa06977610bc9d62258cae57905b35057810fee0953aad50c48cc244727acebb794f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
2aa2ed34a91f0a8ef7f5a7a6ad8791b8

SHA1
9c3ce09a25053432005f3a74bb5a23b30335ea14

SHA256
cea8c68bb8490ba14b866b045eaf4e71f064689be586a8c2e6c62d858bef2b41

SHA512
5399044977a7ec8582500d30ecdd3a4959500c4c41822507bb35f9e7db552f4f8b80315ca77c2d5496db28166c87345a37c13640340423a470d6a9bf76f8e657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
7a035f5941238ac93ae66984e2b33b30

SHA1
bb6c7a5ce544f62aaf2b15b3764febb33a699b39

SHA256
cb46a0227bf17c709a883be954be85f95dd3a028d525948910b39af95b1bece2

SHA512
ff88fcd97b6be0c31373329e45b552a0b0e57a7f39cb32db6874ecd946529e3a5c11ebed5c6509efdf19efc12bba027e2f610f16e3ba1893a9d755cc947f6d44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b779.TMP

Filesize
371B

MD5
66eb12e94cf3f175994306dce1e6ae76

SHA1
4e3c828d6a0576368a4ff7cd82aea27e67d7fd7a

SHA256
cfd21c04476ab0185c0d25599e5c63557aa2923db58cc22bcc13a93e149dab39

SHA512
db13cc2cc9e1ed5446c6858e28e305ac7ac3f604bd2018da0f3e5540decba6c02ff0c6702bbc29a89d0b3c13b02dd9d0d3c839f02cc58a67347af022450277eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ccf9904188640ec95a4a4aeaf515ed91

SHA1
1853e0ba1aa357bae901d22598bce2d2c956a3e7

SHA256
42751c0620cc7e39207d16a26b55fd39b36203962a661a6ac1c12e127a88cc57

SHA512
29fb5d4b5ae3c45f23910479077dc7a2762136f514dcef95f4c47f2ef04a4672da4814dd20224168db40c46dc5b7dd3ca47f66d393c1307a992b87f6cdbb5a14

Download Submit