7ef0059d70a71197524cc4d5bcef7e5037c80c10258fd2640be492ada1de788a

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b1d26d1abc8db3ba6cc24c84fa6777e_JaffaCakes118.html
Size

44KB
MD5

9b1d26d1abc8db3ba6cc24c84fa6777e
SHA1

9e557edd6cc0037c41e612bf2c9efb42918ea90a
SHA256

7ef0059d70a71197524cc4d5bcef7e5037c80c10258fd2640be492ada1de788a
SHA512

d2667c992b023316eee0ee6a39adb19c257d676f72a2c0f5c5d76524a744d3ccfc7c926a46f00088b9dbea46a777f74957bc5d1f6006bb4406c5f21d8cbd7357
SSDEEP

384:sqr117vfWbJKuBKCru/g4MtzrsJSmVDAGVe5GVIcHGV+QJaNGVAhhGVis4GVgNHc:7RsJKSU/g4MtqQmpcXZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2516	msedge.exe
2516	msedge.exe
2412	msedge.exe
2412	msedge.exe
4700	identity_helper.exe
4700	identity_helper.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 2936	2412	msedge.exe	82
PID 2412 wrote to memory of 2936	2412	msedge.exe	82
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 628	2412	msedge.exe	83
PID 2412 wrote to memory of 2516	2412	msedge.exe	84
PID 2412 wrote to memory of 2516	2412	msedge.exe	84
PID 2412 wrote to memory of 440	2412	msedge.exe	85
PID 2412 wrote to memory of 440	2412	msedge.exe	85
PID 2412 wrote to memory of 440	2412	msedge.exe	85
PID 2412 wrote to memory of 440	2412	msedge.exe	85
PID 2412 wrote to memory of 440	2412	msedge.exe	85
PID 2412 wrote to memory of 440	2412	msedge.exe	85
PID 2412 wrote to memory of 440	2412	msedge.exe	85
PID 2412 wrote to memory of 440	2412	msedge.exe	85
PID 2412 wrote to memory of 440	2412	msedge.exe	85
PID 2412 wrote to memory of 440	2412	msedge.exe	85
PID 2412 wrote to memory of 440	2412	msedge.exe	85
PID 2412 wrote to memory of 440	2412	msedge.exe	85
PID 2412 wrote to memory of 440	2412	msedge.exe	85
PID 2412 wrote to memory of 440	2412	msedge.exe	85
PID 2412 wrote to memory of 440	2412	msedge.exe	85
PID 2412 wrote to memory of 440	2412	msedge.exe	85
PID 2412 wrote to memory of 440	2412	msedge.exe	85
PID 2412 wrote to memory of 440	2412	msedge.exe	85
PID 2412 wrote to memory of 440	2412	msedge.exe	85
PID 2412 wrote to memory of 440	2412	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9b1d26d1abc8db3ba6cc24c84fa6777e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff85efe46f8,0x7ff85efe4708,0x7ff85efe4718
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,2954171509481881576,4063831341861411169,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,2954171509481881576,4063831341861411169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,2954171509481881576,4063831341861411169,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2954171509481881576,4063831341861411169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2954171509481881576,4063831341861411169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2954171509481881576,4063831341861411169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2954171509481881576,4063831341861411169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2954171509481881576,4063831341861411169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,2954171509481881576,4063831341861411169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,2954171509481881576,4063831341861411169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2954171509481881576,4063831341861411169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2954171509481881576,4063831341861411169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2954171509481881576,4063831341861411169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2954171509481881576,4063831341861411169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,2954171509481881576,4063831341861411169,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\19705259-91ec-425e-b2ed-559a4995e437.tmp

Filesize
10KB

MD5
c9be7d4af20ac961a1db0ed07d3f9f57

SHA1
f1fa0115e1e0d5d122046115f12a9a394f3e7a37

SHA256
d6d840d2ea3c32335d14880be446f05f22fc1a8c27db41cf4fc5496e3e81944c

SHA512
8c375333bd05de6ca7aec38c828c951bb3ef54b5c93807736d6d9b4779c664a0455ccae3cebcfebcb80dc85cb9882471c5972d45acecfb46c658937105638bea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
411432b8dcfa3f4a35b094bb1e791773

SHA1
141c31c39ff36567ffb82a7edfe0ec9586da7571

SHA256
bed62605075ebd9de8d5cf931db8ec3abfca8cb52524cc8603d2a4ffc16b98a4

SHA512
84fea03ad6e2a2653e9a1a16cc00d1548d35ad5e9f6061e8dfc12b7129060e03a95573b1caaa017df6185bff8f1d9bb83274a6f0d723897cf5f71200efff1019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f257d1bc7fcd475f4d9a9c128145a01b

SHA1
8902adccbb855c2589d9f65fb3e86c8e778f1df6

SHA256
1fb2b178a79bad7782879192cf4a4b74b9e4a8ef4d2fcb1c4be603d3bab7e686

SHA512
a2834fb97df24eb4b613bbc0ce991aac8ef99c95bc77c17f068f1b84bf7170e989eb070ee5ed4d0612137c369f793e04ca29c3321ea28c88bdcba980290e0f43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3b486df6d09f28b1e0f6d79e5b0e3865

SHA1
41189c71c2b616958b96d38942498df58b4a51f6

SHA256
7122627605b5db07719577dab6164906a8e6472399629114de590353f95f7885

SHA512
b407785350c6c68334143a4871c4fda7f31d589e1a2c8050df71b6d4ac03a2488040bb4ae75064a6e44a0a80382fb08140f470b28896fa5ec1764c75ce536cbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8567a83ca00354dc39c7c9f8e4f0518a

SHA1
b07b44a22a1fd8e9bd695093a95a54c4a5ce551c

SHA256
7f204bf72a772d899e1ad83574df293acbbe4b54c23fb28ff0c60b21275d148a

SHA512
b8bd2b139855f38f86951e30a3902f60c019a59c0ef1493ec5366c0071a711033602d36a0e8baee508043f00c440912a4076d863c74f364bc2b77d979f1c969a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c2e232e2788c690f1e6c2031e5f9e808

SHA1
0405d47366cba1ba510f0fa7b6a4394ab12b200e

SHA256
896ec42a61ecabd5f7b270051129bd9d4d6821481e485cf013d0f196202c8f7d

SHA512
9df1731785f167391234858627f9ce5092247d67596560606b01d948f0b0696ee14d31cbcc2679162a468a0409aee6acb8b57f6437af0e659d7d96f9ff74f930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7c4b9b39a96b5a0f837b33f0531f6825

SHA1
a53ee675e9c8ee215b44957f1b7e4ec17d16756e

SHA256
796927625a15ae6136b65385005b17ea62047eae3859b131c3820b0c5f2d3385

SHA512
81d16b3aeb09950ec40107ab2e2c05917308011134753be17516f9dbbe968e46093a961a5cb9ef4e67cc5b9a166ace71b2c48aaaf0f8ecb81c27607cfd3c11c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
9c1de1b79e4fdc1abf0c538783405c3f

SHA1
0c92ab080bfa9739b3f961e61ecdf5efcda2523e

SHA256
7b80d954a3153b59599443723ffbcbc61b22ef787165d31058bc42768c5d26c5

SHA512
598bb62e80c01af308bb36feec91598d383e6d0ccbac79126e4d2c4ddb27143688d6d0d9654901a511f4ef6c29f0930428becd823aa3cab595cb944cacc4e434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b248.TMP

Filesize
203B

MD5
90f86951c20f52c4d5e9f2e4b1852411

SHA1
09cf050999c51513dbfa162a899415b6fb80597c

SHA256
88d31349560079790fb5df45445545ce9c216740c59fdae8a9c02afa0440d66a

SHA512
674b9337d2a75ccd4870c353f5f8830d5e2ddb9cca7c96cb19af4c5c16288e73b9c92db16e83f5437e8d911ba7c5d931acaee3ac0aa283f5d58816d2abe9fe6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fa7c2ba6-c2a6-47c5-abc5-daeaeab06543.tmp

Filesize
5KB

MD5
efc618bbf719bc0da9a769a6704239c8

SHA1
b88e01b71f58da5896021b90fdbb21d71b6139de

SHA256
fcee3ba047b2969afa5bea4162840735a9aecf0cfab608c7211b56756ce6c0d1

SHA512
ebfe8b165f65b808ffbaf3960eb897d5c9a9aa0872002c429db2881cf90a43a38f65b191e9661522338361980c66dc5034a2ba5a7636098ce5091fc6e997725f

Download Submit