0d4b26740ab885dea3c0a85cdf6d78eaff7189370da657fe8888781eb739b33e

Analysis

max time kernel
146s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
02-05-2024 12:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e7b3c1c18d526864359a4d866324f34_JaffaCakes118.html
Size

266KB
MD5

0e7b3c1c18d526864359a4d866324f34
SHA1

189b21f4bf467f997e979ea960393e79720c041b
SHA256

0d4b26740ab885dea3c0a85cdf6d78eaff7189370da657fe8888781eb739b33e
SHA512

0cca469731091b76ead6a470e260e83c0d91d8f5a1da362b4a24ee2b22f1787c8b6411a25e3962f59788dfff3a88e161ee2e1e1b9611a8a677e8a3de6c670b29
SSDEEP

6144:N1WcJEJpQJMPB9ErL8wQvtK3pzOm/P/UWtBiuQiCHVptnTpyglfz4Va+tMZrFWj3:N1VJEJpQJMPB9ErL8wQvtopzOm/P/UW9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
640	msedge.exe
640	msedge.exe
4508	msedge.exe
4508	msedge.exe
3476	identity_helper.exe
3476	identity_helper.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4508 wrote to memory of 740	4508	msedge.exe	85
PID 4508 wrote to memory of 740	4508	msedge.exe	85
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 640	4508	msedge.exe	87
PID 4508 wrote to memory of 640	4508	msedge.exe	87
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0e7b3c1c18d526864359a4d866324f34_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdbec46f8,0x7ffcdbec4708,0x7ffcdbec4718
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6472 /prefetch:8
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5792 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
31a20542151c3585dae73871ffe3ce66

SHA1
fd6ed4379cdbb5f72c009871aeff7672408a2c07

SHA256
4a740bb20861a2e39c2e6b6aa558c018aaae5c010df3c096d9f4fdd209deaaba

SHA512
4d3c95d39bd9f4fa48cc77cb6bc6e3642eabf8440c50388d3bf5ec4d44ba96eab630c52a55cb55a12166f091ac4a056da30bb29177d2104272ceaccad5423603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
e20d999a160b6415c43ec553249fd004

SHA1
aef81844b8a83f8bf02c24bbde35a44a0b343e02

SHA256
b75018c05bce5914a8b7045ec315bd94544c13bb9153b8e940cd7c62bd43fc4e

SHA512
945960c6fa2cca4bb61539bd8304b48f7e9e926faace230fa36e4ba78a1b98cd485adc1103ec4a1ecddce42a38588d6c64aee77de65ab614335b16ec9f651c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
144995c847cc0238194629b495cdbf93

SHA1
ad26b007ca4d59d4a6250bc7edbcc191039172fa

SHA256
7b34b8b1da9bcf25f1dd77322a66c6eea6a7cc52f47a4ec8f4c6439a147157fa

SHA512
c0376367651cc569d470c577f96d56566bf6b009d4897cb07f8d67e6c08080884d392fd0dcb39ad533be2a901eac1c9ec854ad4e88987b3714d9ab1c251a8e08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
afe8ec370b2d9cf15683540f7882b36e

SHA1
21ebecbf55f5c7076743436f150f556d57f5b716

SHA256
e3c14f4fc9c66798605dffb58644f2da7ce4ab2a37072f0a0223e1296377adfe

SHA512
1d8ce50d9d1789203a3c239f7bf4f517bb5a32e5ef6447c9b1f9a7f15115953413dc36c9f47f7eb96341e5a77f03535bea7b789a0ba9e5c6d0a1349d2b20f88c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ef1d4e2921824fca47d11af23a14b629

SHA1
612cae635eb5755626e3c5ba5ecc80ff5e11a039

SHA256
6f57f0d68e21e8b02a3edaf5d1b1069c7b8080c49bb4f82e38565857d4c5effc

SHA512
2fc0ad1482202958412ac8feb93a87a12d83aaff49517cdc837ad453108057a1673de460b2d622b444dc6c9e4f6830f2409df518dfc13b73305166f62a5bb8cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9e510ac2f19c75cc0814fbf636f86069

SHA1
0d8bd84fd2afcc4d087712b9c3ecc0c462c7b4d3

SHA256
05b5e6e35a40e05118346af6c19384d305340b33e546e50ca2560737b34198c3

SHA512
2ac7a813233ec6f2c60955f1c9fd8c2306af88b841404662ed32dee2ee3ef39fe5c60066b03e4be82030617c33fb52d87b5e4c591aa2a255bafdc4412d2dc2f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
12fa951dd46928d1d43541337f18e4cf

SHA1
9a5b5e437adf89b720aa3b9333a84139d35fd37e

SHA256
b0af98dea0708fc21c6dfa1a0a24b2ce22610e9a2c02fd2d3844991daea36098

SHA512
af2a4ff2ba7e2444c15874f5142a0d7145bb50d5ebc29e640ec2bfc5fd27fbfe03d0e46517f613d30f702cfc6b5a554ba0654d740cda1e335e7b60a248b6cfa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
792b0483e879e8cbb257eab686e6b2bc

SHA1
1ac42e288c72bf30a51e0251656b3509db86370f

SHA256
ed98b0beaf33d75b450664066bc0f6de25c17bddaf910a6234f03943cf6483d7

SHA512
b4429239109348ca3ddad89078c833b971d2263b6aac552e2e5edcc6cef185677c7d42b81e0e3235fe33bb13103075fe591ce2c3769e5a3a078cd2236e4a163b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
83f12f022d426617e272fe7f99b8cf90

SHA1
0952177de21a5cc50d95196cd28c410d3b946d7e

SHA256
3ac2cad771500b467ccc4a653c08f643d12a354df6e34a7a2575f2c70a1a96ec

SHA512
e5899fdb6ef7beaa7b196982be22ee4c1d66fe12c7d462633f413005f8aa314b65951b6ec903403268f424205162c10d5f030466f68b79ad672495daca216b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b5b3.TMP

Filesize
204B

MD5
e5eae8c9be14f8e078212a9c7ceaabfa

SHA1
e5a68be163469b7dfa3bc29e5f8a1aa0c1c64d25

SHA256
47f9d5b91a229829d5d6505a961cdc26efeba1aa91d7917ea9bbfc2f2531868e

SHA512
63dcbf21a6fd367c0572d1df825a1592d9b1d3eb460b0a423f335cf8d4e63e62453d06bb9903ea3e23e0deaf93eee647d0eecd0ef85690f7be8391c0711f3a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
07ac9d2550d73c64adb43141d30a1871

SHA1
126a99510492dce4b17fd8daa1612890991d48cb

SHA256
6527a918672b85fe223a8e6a41629c624608986b243220c6bbbc79a3e1f2225a

SHA512
d7ba79ef87a2f3ffddabf9409c7308b393e861866ce567f9ae813fada49ff8cd817cf771ca4bc6e3e9bf6daf6dcff1097bce5a6f527ee8e28244f89f91243495

Download Submit