810c8e6ab7b4097a3ae9a29e18efb405664b40b7169ab3690dc40193c57761ed

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-08-2024 20:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c799dc9bc769018a01c2c26db2248911_JaffaCakes118.html
Size

48KB
MD5

c799dc9bc769018a01c2c26db2248911
SHA1

ac0194e727780d64f10fb367de8a5a403cc72639
SHA256

810c8e6ab7b4097a3ae9a29e18efb405664b40b7169ab3690dc40193c57761ed
SHA512

6162c6969eadb414d6150b7aaaec437d66b0f1079e469ba0cfe34aacff35b013bfd374335e572d6ea9926a818efc58bc3c58a75101b2314073ac85569b38e1fe
SSDEEP

768:l1G99NJW6v2bntQQblha1BsSdh6zqNdh6J1MOTUS:l1G9LXezlblsFdMQdMvzUS

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
4304	msedge.exe
4304	msedge.exe
5628	msedge.exe
5628	msedge.exe
5628	msedge.exe
5628	msedge.exe
1896	identity_helper.exe
1896	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4304 wrote to memory of 2460	4304	msedge.exe	84
PID 4304 wrote to memory of 2460	4304	msedge.exe	84
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 1220	4304	msedge.exe	86
PID 4304 wrote to memory of 1220	4304	msedge.exe	86
PID 4304 wrote to memory of 1084	4304	msedge.exe	87
PID 4304 wrote to memory of 1084	4304	msedge.exe	87
PID 4304 wrote to memory of 1084	4304	msedge.exe	87
PID 4304 wrote to memory of 1084	4304	msedge.exe	87
PID 4304 wrote to memory of 1084	4304	msedge.exe	87
PID 4304 wrote to memory of 1084	4304	msedge.exe	87
PID 4304 wrote to memory of 1084	4304	msedge.exe	87
PID 4304 wrote to memory of 1084	4304	msedge.exe	87
PID 4304 wrote to memory of 1084	4304	msedge.exe	87
PID 4304 wrote to memory of 1084	4304	msedge.exe	87
PID 4304 wrote to memory of 1084	4304	msedge.exe	87
PID 4304 wrote to memory of 1084	4304	msedge.exe	87
PID 4304 wrote to memory of 1084	4304	msedge.exe	87
PID 4304 wrote to memory of 1084	4304	msedge.exe	87
PID 4304 wrote to memory of 1084	4304	msedge.exe	87
PID 4304 wrote to memory of 1084	4304	msedge.exe	87
PID 4304 wrote to memory of 1084	4304	msedge.exe	87
PID 4304 wrote to memory of 1084	4304	msedge.exe	87
PID 4304 wrote to memory of 1084	4304	msedge.exe	87
PID 4304 wrote to memory of 1084	4304	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c799dc9bc769018a01c2c26db2248911_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa527746f8,0x7ffa52774708,0x7ffa52774718
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,10320144294095680181,4415173170313765755,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,10320144294095680181,4415173170313765755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,10320144294095680181,4415173170313765755,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10320144294095680181,4415173170313765755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10320144294095680181,4415173170313765755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,10320144294095680181,4415173170313765755,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9376 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,10320144294095680181,4415173170313765755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7040 /prefetch:8
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,10320144294095680181,4415173170313765755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10320144294095680181,4415173170313765755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10320144294095680181,4415173170313765755,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:2488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
96142ba45f7203a8c4d877b2d70588b6

SHA1
e1d1ac761b3c41ba0a3409d7bec68ca22ae1fac7

SHA256
dac3fb834fb077720a5a79f49add75e37c15bd07ac063b5516061ffc611c334b

SHA512
fe09d408370c5ddfa3264f870118fd2edb2e4184871a8029bb62a438be6da78a8e1f72d176149ce6a4963e9981136dc878aedb1e0c660833482a9850680a4beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b367ffa3cd6896506992c5bb8b91addf

SHA1
93c9bded12fd3a814e4a87d1ab6b102818a9996e

SHA256
a2e0b202caf41d3a5fbde3824043e423cc9ce0ec9653a9d1a2d23b04c1467b96

SHA512
44e2745fad967ce9b7a2be00b75d6617d441ebe2763d81a8c038d57906b1c94d6d57c930141331c39e032a284b59014646dd9054be213fd973e75a2269466a8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
75KB

MD5
0c2b18bab799ec259558f10c59e5d62a

SHA1
22d35f44e9c9e06e82ddd15b4ce455a1501ccdb0

SHA256
2b0e6883bf74aacaa531cf688bf35111d84b713165fe51c836727988324b4050

SHA512
80117e3782ba161c5d44d0d77789989dd6a799c5fc881663a17931228b3ad351b830eaba7c78ef13b0b5f996205a416d258bb00534a3506e1450549fbd3e48f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
75KB

MD5
3eeedab8760867678fdeb17bc2ff5450

SHA1
d64670c2f4d63bb05703dd6e1a9cbddf1fa6d1b5

SHA256
f4fa5152f2f62499a3760d829da4da1a1d9874e2ea2558618e6bf72fd9296811

SHA512
1d52cb648bedc9c9c1e2e683af2c0b5d8ccf8e30fcf0222ab609b4afab74428bd5afec5430893b619e98c7f2982cda6e61c12205e0addaa1ce96e31dcf67dca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
75KB

MD5
a5dd2bf1a5cea428e0c8bd126b4a7919

SHA1
47a89d1e40a0b759d4963a6e82c9af84d51603ff

SHA256
537188062520f1bff88fc6ba64e96332598d52d9595f03fc022eb876010cb70b

SHA512
43f0f37e996f6ca2eefa2e67caf8b18d408336ee627ed981012a827e8eb3cd22ef699f4cf8022ae7a840e8bd60e4dfef059af1721529b4df1e6b10274dfd2c9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
75KB

MD5
f6747902154094a196d3efd1a3697eeb

SHA1
d40aebe5f1130cd9b4127d2a34eca4539a37269a

SHA256
1670b4ef2f535ad98711df94d62bd4543005b44b4d4fd7d91b5c046f6f5bc073

SHA512
309a9cc6433af26c1351c45b80e2347a8888ca56ce0d68e396772743415c3b89294012d79fd967eac34cd49bbab4a02ec04429e1cbcdac835bbbbf7b898fc730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
75KB

MD5
c9baf9b21d6a83bc70648079e3d57c59

SHA1
72b8c444d2ab6af5859ebe651b01724529ba58c6

SHA256
c99fc54ef7133c01869ca62ebec1b17a0564a8d58e0afd6aa04a41ad7f1ddfd4

SHA512
e91aa213530cbd318892a1a0f458c50aed5adc68ea3fda27ad6e5476bef12f8c45ead5debe5c23b4c2f8b4ae6b2e944ce310aa359e4a23d9abf6f18b5a8482fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
75KB

MD5
e7fda72e0c5040b0469baaed572428eb

SHA1
9603b324c1b288a050bf6e8d88bf199a6009789a

SHA256
bd21ac5954deba160822d4f68c232624f338dd052a4f06b05519ad48f4219f4f

SHA512
53089c792089039d344f461483c86b9ca75e50d805f7b8d7eeb4ae21e17552ac69c8e267f4b2597d38c203e79c074dc9af5697a35d3eab0715fa5d855d77d009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
680B

MD5
9ce00327addb0ad628f22e06abc25ccb

SHA1
409aaff99241b52fd493b752b54060801e5bd8e7

SHA256
5ff69c8d78f1e69cca34d5ddbb7b215bf08a753453064ef5388edc021e500def

SHA512
8b0b97c1436d9e4fa6366b0ebd392c530b7818b6baa12ca8c5590881cadc2f7f8f05f2c186f75eaf06f4907363f8d8c295d66f471ae4350e03a6123adf05c873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e9bf8e9d7b02037f5526a4084ffc8cf9

SHA1
42c76cfd7ebf5cbf4ff8a91a929119fcaeeb3da6

SHA256
16f5ca1e3f6404639cde3657a91c89463d4bb6090192635f4c041f1a304cfb89

SHA512
3d84573bb3a5d152c3dd8468e6c7b91587d6971bfb0be1be3378db797851138c0f13d75f4e84089cb1b35c719603f3ff62d67c8d4a09e740e40b928d42c284ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0c2413ba209ab65b5c8d59ced047c130

SHA1
73190a871fdf2f3cad6d737eb5ac026d31b617f6

SHA256
65d7481cd542cadc28e517529f0cccb0d33b34ba22cc04fad784b0e9f66738d4

SHA512
7c030bdb0048fea15ea54e62702455fbe041b521b16329a7abae3e4fbc74aa04a98ef4733006bbee63d0562cf7aea7a9c5067bf16fa47080c3225dd8364ea317

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3baea06d8521aad7d3ede9759012fde7

SHA1
5c8ac49ffee0c2c6dd37620ec0f16189a50655b8

SHA256
d64b80ca9a38689917f62e708a4df6f9583e62e3f0ebd0ca6ae4b8132e933c32

SHA512
d8a9df62317c21f0a2e885ebbdc6db4080acb5e8e5ab11c8a6c3d1a383965c3c8171ff557243f46e308dbb2de67cc5e2094958d5613b11912b12597236e91cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a87b9c5a1f3797ba4b52e94065dda45c

SHA1
d4506fb8bbfb8623cea1973b4e7ad4ed6565e8f3

SHA256
e1049be92edb944b0ecf87ae78712803d1ad577a44e0042119ff2a5aff7941f4

SHA512
a1a8d0181555abe02d15429217778fc6cabd4791097c33b66d82a31a78dc2d1967be0ef0e131a01b280885e13d3da4e9fca28d102854f9369d72e19a107bc9e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0f112c8ccc33d4d23708fecc1e45bb38

SHA1
0e7aa5b8e131a9000692435d723de359dfe02b63

SHA256
3c947c82edfa74f041a4eee6736dce62a29acf23f6a02dc8f8e5fc95042f06e9

SHA512
c2c04a20c1637ce3822096c7169c49f8603a605f223b395f3d9f063b09a5b2f3e8a01c7e70d5b02663b41e43477b81ba83ee3c741b5fc4f1ce64e736350e5618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f526ca2074f500cc64116c6c8e691016

SHA1
40fc8c57ca2b8434b97d8f70e39146443ed68a17

SHA256
4df0406daa42d573266d646cc5edbc18ae2ce0def1b002acd951d6ac0e45d0cd

SHA512
766916d6ab3db9628733f00f2f18cf159bb06d7c483643b2f42e66c9f1373ab73cf8bce6ddbaf4d8c8d9063af38cd4dd8bf91dd27fd3397902f48d2b1f9a9919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
852d886f30a60b001ee9e16d15da655c

SHA1
713ae02473e2af931fb4455db3be07a00c734e97

SHA256
0c05a4e24bafde15c1c9cfa778ac25eb5552c22b1a589b7b473eebc752a6ca68

SHA512
09625a70076a264b7138dc14f2fe81b0e8ad6cc0ecb3cc4f5d5bd73eb58fab1e2528c5e3a3a40837740895a5a694b94b2fa174a8595960ef122823a4132d4f73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
21df207c436355f2419bca89214225f2

SHA1
e1da46b3aaf3f093e795892f375a8ceaf567cee6

SHA256
b46564c6f3a53728829bc17b8b7e5df2445f7a37abb57549a59f0382c9b2ceaf

SHA512
5d08027e1d2919e809e1f156d4f5d253227556965fc17ebadca40b5ab522e8fa5cc334e1e474743a7c4faa665b83218504f2fcdac82076344f33d6f3061b4b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
af491a6b1a496f17a647cd4a72f519f3

SHA1
ffbbf8e54904ef3191f01053950a49f4f1261864

SHA256
a1f8168677f9211c69ede757573660c1238e93a63ea230a183300d4cbc0727ea

SHA512
745f18ba72248459b4c19e85110e556b27b306213aa2e6a805c3941e6e9d4bf551f7a66becee7eaaa1d4175e16569df05ea24b4fba6cd8b0d1fb37b420369016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
98a355e2c683e8f2c962e73d08170b95

SHA1
a0e5ff002a9d7236baf0fbd86acefda37836e477

SHA256
8844d0538d7028a69a558ea244c95a4134beaf363fd97c632f1d04593f8fa6c9

SHA512
d003c1fdb636a8bb4b9b4fa0cfbd3db59e3792baea9a2c6f52cef99b86ee3d59ebe0d342d26400dc4aca8dfb058e1feaad7496e1c0ea42dc41b9c1bc2e1c8b9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
1f980fdce92c2b40f82c3cfe7503809d

SHA1
e518452de7717e13590a07327fec36440f3d06df

SHA256
107e930443b21faa6e9d678b3548856986a562e76d3118987e123d6937fe4c04

SHA512
fd2ebfec51922766883b28a548ed64433dd7cb8bcb3149b43fc87a9543d459b225493b7aeff25e95a950e9c6967cb5b1ca62e2afc85a5c3c5dbd696dad5139c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
ba8606d76222c41fe0ae974c88daccd0

SHA1
9e05f75730f9414987aafa4c9c70e5b23e83f089

SHA256
fa978a1d45d8dfbdaa285989497847aef8e7398f92ef565813afaaf3c1108727

SHA512
75f364aadf4fc0074421fb716658a3755e21b4af0d93e4f0a13e710b1963f1190a69f08efc44322c62258e75c4a8de84a3ef81054c02c14cacce05ff9d842095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
a7c70877c067e4120a7e9a1d4dcebac1

SHA1
f24224b2ebe0a5f64a0a29c9b9afa1e73230c2a8

SHA256
9e3d2f5c7b7af1fd3f19232b3cd5a3b58982e81324059a74e03772df81017977

SHA512
9d419ef40459e1405d23a77d3e21c1bebad38791bcbf6cabe7a6c4a57f3602b994a7c413e95f63b2c57a9c530537d08f6fbc8f6e1fe15b7cda22ebfe950d366a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
0637e873be26c63b5f24cf9fbdfd01c9

SHA1
56a3235b9922d00d6390dee1f61873a46144986c

SHA256
8ff852ef8384f5a9a9b1a9efef14720719afdff6dfa1a38d930859c02e30f081

SHA512
9c4d2f69035bc8e459ecc479e5bf17e9b73f20d8e78a9444e71b449ca696ca12eb97008cd5da754ccd15081c7e7a8c5edb8d4647886b7b95e62200b9d6d4d4b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f8d7.TMP

Filesize
203B

MD5
4de319d3e6ccb0e824665e59f6896181

SHA1
6f1e531ab648ab9b82ad2b3603391afad6925504

SHA256
4cae70fad548803fe87e7a43a375520f62285eb2a52b91edde18d76ddb20afc4

SHA512
94719f0d913745d2f71e357e3a16af31459b0edcdfa9824ecd82095b2ad528e299f2881a82e96c541d4a331f6160613d9aa5c39a3b2962df7323016e04ee6280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2d3883e4ed15856a66ff4ee39a17dd07

SHA1
66736d9bb722909f398252eb7f97b9cefe0ef02a

SHA256
232e5d9dc3303b649778c63be2c4a6e62b0a77644e2fd924e2840410d39e9483

SHA512
f07b63b2261d32e2306fa9598ae4a1c0fb0f16f2bde9d673538f6642891fc26458413fa35492b7b9549600a5521d36ee65b040c2f8ecd5a1e45f5a99f037b778

Download Submit