99c72820ca59d31319c834d328fc41aaa1dd64e1ab6991d3a7c5324891b39af2

Analysis

max time kernel
143s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d9c05f7ebdc3f2abfd51a41d8b30774_JaffaCakes118.html
Size

535KB
MD5

3d9c05f7ebdc3f2abfd51a41d8b30774
SHA1

0a56179bcef8898d479021c3e372efe234ab7d09
SHA256

99c72820ca59d31319c834d328fc41aaa1dd64e1ab6991d3a7c5324891b39af2
SHA512

bf640a07a96a1110d0bf9876da185c5d7434dc1b28a01e29f9380de3a00337a782a49fa09191c60afd6227913036a3ee6bdea90bf81420e35e37e25dbca9a97f
SSDEEP

12288:PFE4f//RpFJ82818i7y+XKgSpjR0FtkrRycwT4U5M1ip:Jf/+cwT4U61q

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2672	msedge.exe
2672	msedge.exe
1744	msedge.exe
1744	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
4008	identity_helper.exe
4008	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 1836	1744	msedge.exe	83
PID 1744 wrote to memory of 1836	1744	msedge.exe	83
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 4512	1744	msedge.exe	84
PID 1744 wrote to memory of 2672	1744	msedge.exe	85
PID 1744 wrote to memory of 2672	1744	msedge.exe	85
PID 1744 wrote to memory of 760	1744	msedge.exe	86
PID 1744 wrote to memory of 760	1744	msedge.exe	86
PID 1744 wrote to memory of 760	1744	msedge.exe	86
PID 1744 wrote to memory of 760	1744	msedge.exe	86
PID 1744 wrote to memory of 760	1744	msedge.exe	86
PID 1744 wrote to memory of 760	1744	msedge.exe	86
PID 1744 wrote to memory of 760	1744	msedge.exe	86
PID 1744 wrote to memory of 760	1744	msedge.exe	86
PID 1744 wrote to memory of 760	1744	msedge.exe	86
PID 1744 wrote to memory of 760	1744	msedge.exe	86
PID 1744 wrote to memory of 760	1744	msedge.exe	86
PID 1744 wrote to memory of 760	1744	msedge.exe	86
PID 1744 wrote to memory of 760	1744	msedge.exe	86
PID 1744 wrote to memory of 760	1744	msedge.exe	86
PID 1744 wrote to memory of 760	1744	msedge.exe	86
PID 1744 wrote to memory of 760	1744	msedge.exe	86
PID 1744 wrote to memory of 760	1744	msedge.exe	86
PID 1744 wrote to memory of 760	1744	msedge.exe	86
PID 1744 wrote to memory of 760	1744	msedge.exe	86
PID 1744 wrote to memory of 760	1744	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3d9c05f7ebdc3f2abfd51a41d8b30774_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce95446f8,0x7ffce9544708,0x7ffce9544718
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4204452890855742722,6522680351715144778,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,4204452890855742722,6522680351715144778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,4204452890855742722,6522680351715144778,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4204452890855742722,6522680351715144778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4204452890855742722,6522680351715144778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4204452890855742722,6522680351715144778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4204452890855742722,6522680351715144778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4204452890855742722,6522680351715144778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4204452890855742722,6522680351715144778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4204452890855742722,6522680351715144778,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6268 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4204452890855742722,6522680351715144778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6512 /prefetch:8
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4204452890855742722,6522680351715144778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4204452890855742722,6522680351715144778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4204452890855742722,6522680351715144778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4204452890855742722,6522680351715144778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4204452890855742722,6522680351715144778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1
  2⤵
  PID:212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
fd9c7f314076c02eac260a25c4c863e8

SHA1
3f764907b1716136437f3544987712d6bb12600c

SHA256
dd56a119e7f2270f0544afd5cb1e2e372f882524f656771e7cc664dc0a538c13

SHA512
4aa290c74a4fa0fa991e5611b58ad3007abd741b982bac752f77cf9e1efd0cff374f0bac08edda212b5c4f247674cadd2688c67ab9290da175dfb42ef545ef3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
572cb072d4a638ad51caff84cb344a68

SHA1
1a2b9b634e75d912022f047afb14bcc59c04c224

SHA256
928c864bd3ea7ed54d0979e0f9568e134e14b6dbf8398be439e9d1481bd0c4ef

SHA512
8659f5311b09e802233cd605ecb36c149d5b70f6e7e18ad57463f1ce19c5519bf819f66544c5f29789625716fd1e8bd89c40069fa073e7d6150741dd01ce67f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7746b660ecedb926c6804e04e8c699f6

SHA1
12f7d034e8896a1f292900c568af75af531f08bf

SHA256
9e1d88fe2795fd71e92a7b0e9da7d5f5c947ec7e097f8575f6db71cdbde40dd7

SHA512
2598c3c9afbfe1a7f47b4be3b759495ab05278958c9716016f203b44ab888ac6649a124b1847d62246cc82ae858bbf172f0e63bc984c60830bc07d5ccdbfbaaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d51e04b79805f877c3077793d0a13f7c

SHA1
a35d7ebb99e306767001863adaba30b2353f124c

SHA256
2c8541f213f61c8ad00ebef546bcb1a12aae5796410fc6274ff172a8b86ae357

SHA512
2ea6d1f92e99735d2a1f58197753a34ca32bda05640509c7fb9c2b236e3888d07dd0971ee27314aaffad0a72f6e4da7e19bf8441777053c7aa31f228f31fdc9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
359535ef1df84add3fe956701e85f4ec

SHA1
3188532e398b5e63d5198c1f7302c69ef4b7b29e

SHA256
368b93d84bc830bc7fac1a373bbac93633976aa5f497a9b58f52931801c39c75

SHA512
cd3eeae290ee57541bf44b2511c5ca54dc40d873a9b87bfaeb7025a2d26aa2a28c2262ab0b24b94de1c90d2f78bd6161515ace4f3fb778b0745fd80dbdf4c3c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3788e016a2d7993f89371de328dc2d9e

SHA1
faa75fb1895bfbd7346329320ca084535705d870

SHA256
b1984c9463e7bb9f9a313f36fac4ed44048483049864feb1cfc8efc7974fda86

SHA512
35fd64be9cd839d15e285043f20cd4c0bba5cd7d1d96e80ee834bdb23a73758b842de13cab13608c00211d4adcf5b3adfa4a3ec6f9d7495186a558f8298cb6bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
16b425d35e6a775d24920c242b3f677f

SHA1
5311dffaa292e069660a7de887d1ff4444b5b16b

SHA256
cde39b5d8333ff13c397d52ed6a58f356519542fb5a6118a50b7d77daf46d09e

SHA512
906d5e5773a0678a8f3e67fac5dfa2617887c3d7edf81a18b66ed8ac4c36d479494eef9528482c180d365c096d6e0d75c11965423aae8beb4ee3bdcd8fc92efc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f4814c6f3fc08c1b8f6a981aaf3e8144

SHA1
a58c4521fc278f28165f5b5701da43be38ed5e80

SHA256
75823ef91db213acc546e91df4477225c8d8d8eb4fa96ece44410ca9f02dc3df

SHA512
b045b1e5dba44600b62e3298a2b0b9c9f420723e697f0755e21a7ba44f00a9f64239d95af4de7ca9f1bf4eddb9e4e00eb93d12ed28d895505b0d8941613c0e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
67607b46cdd3bbd1a462c1966a1c97d8

SHA1
52d149143334b77a9359ff3ad007cf8a17babea0

SHA256
d7aada4e3fdbf87137602fbda5a85c6e2bf4002d9c87e428f69b1a3cc5fe75cc

SHA512
eb663d75483db57a3556ba89136cd2c56e821592baa736ed5850178af6ecd6d5b53c71ead2838b33e88a30fb9b88c8fa7b82fb74f18997f327f246221e0155df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
cb5ff7fd062a59a08245343e5c5e1c36

SHA1
ffd7331cd703a06fd48ca91d15f6fbf237204403

SHA256
722e85a39739aa7ecc1dc5c3aa82a639f1173adb7aa3c203994f992a863fcbce

SHA512
ddd16f61e9b14d4c268403fa59a136f92cdee9b5eaee4c813f42476dd0dfdd40f13d320f808e3f7b1bfa6ce361ad24a37b7d3f9132bc3bc33ff6cf7555d08725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d2ae3fd370816e67b6c36e5e3ff00683

SHA1
90975d80c1cf79e318135a494e91f92f8576b521

SHA256
4048bf59b94b6b369166353effa74912be7fcbfb0d3be229609120f4cb2cb991

SHA512
f5cd03f5fedcb270ebff52998ea4868248c88baa99f97ccb9269a20e00118fea7bd31b736485fc05a6938bc2f7663be73ac95a082bd396b8e165d9b693581ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581335.TMP

Filesize
539B

MD5
1e33a552e986b50dfe35b985b41d4643

SHA1
30667968ebbc5ae104dea965f6dbf58442bb2731

SHA256
7aa6260cb12048dfd0f721182a122c59c5ae91a2c0161f5a1d8ac69d2369e474

SHA512
f8dd0ab80071719bbb924f5b4084be613eab426875f268278fe707971e5a6ae5c0c65e8d0e76bc1726b067c6c074a67f9aca27b9df091b17654207c956022216

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
84ee42ac311c4adc0c162e2fc5abcfb9

SHA1
a374d9fc9b1ac33ab76cea30d4609a181c5e946d

SHA256
82abdc6bd86a49f397fbe7814049f4307807f14b61279648e6d84dc0c3f62f38

SHA512
60d79842313c56d6f69fc38f81d1fa0fe7aeba0f1f6b17e4d6ca82a40c2ffdcc5c87c123b5f4edb4df37b0fb60ec2049e5d1eb2e63b6b862037406fcedc51429

Download Submit