a7b03aa23bf32e26746bfbcbc0c904cb3f527d49d0dcf98dc7c3d4ffa4f9610b

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 19:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2175e1ece73852dedea4debab41fe66f_JaffaCakes118.html
Size

299KB
MD5

2175e1ece73852dedea4debab41fe66f
SHA1

c0fe8a9f6ded184a1ccfab7932716abd1cd8413d
SHA256

a7b03aa23bf32e26746bfbcbc0c904cb3f527d49d0dcf98dc7c3d4ffa4f9610b
SHA512

a0fa8d06bef9f0a8221bfe94047d4ba335aedb950eb46aad0952d2654f0fee60fb7eae62c0b5a9c0712de3a9a1b8eee1302488e7f6f1637f70f1afb4961582aa
SSDEEP

1536:mD+SbTTF1SjTtVNkltM/jVII3IbIre0iLgm/6oFHGJLnvAayM/wY3I9dE6OCBMce:U+SbTTFgVItCVI2oXMcyiTCH

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1364	msedge.exe
1364	msedge.exe
3740	msedge.exe
3740	msedge.exe
456	identity_helper.exe
456	identity_helper.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3740 wrote to memory of 2604	3740	msedge.exe	83
PID 3740 wrote to memory of 2604	3740	msedge.exe	83
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 4504	3740	msedge.exe	84
PID 3740 wrote to memory of 1364	3740	msedge.exe	85
PID 3740 wrote to memory of 1364	3740	msedge.exe	85
PID 3740 wrote to memory of 1208	3740	msedge.exe	86
PID 3740 wrote to memory of 1208	3740	msedge.exe	86
PID 3740 wrote to memory of 1208	3740	msedge.exe	86
PID 3740 wrote to memory of 1208	3740	msedge.exe	86
PID 3740 wrote to memory of 1208	3740	msedge.exe	86
PID 3740 wrote to memory of 1208	3740	msedge.exe	86
PID 3740 wrote to memory of 1208	3740	msedge.exe	86
PID 3740 wrote to memory of 1208	3740	msedge.exe	86
PID 3740 wrote to memory of 1208	3740	msedge.exe	86
PID 3740 wrote to memory of 1208	3740	msedge.exe	86
PID 3740 wrote to memory of 1208	3740	msedge.exe	86
PID 3740 wrote to memory of 1208	3740	msedge.exe	86
PID 3740 wrote to memory of 1208	3740	msedge.exe	86
PID 3740 wrote to memory of 1208	3740	msedge.exe	86
PID 3740 wrote to memory of 1208	3740	msedge.exe	86
PID 3740 wrote to memory of 1208	3740	msedge.exe	86
PID 3740 wrote to memory of 1208	3740	msedge.exe	86
PID 3740 wrote to memory of 1208	3740	msedge.exe	86
PID 3740 wrote to memory of 1208	3740	msedge.exe	86
PID 3740 wrote to memory of 1208	3740	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2175e1ece73852dedea4debab41fe66f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce95446f8,0x7ffce9544708,0x7ffce9544718
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,18141879916764830957,829508110024257990,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,18141879916764830957,829508110024257990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,18141879916764830957,829508110024257990,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,18141879916764830957,829508110024257990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,18141879916764830957,829508110024257990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,18141879916764830957,829508110024257990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,18141879916764830957,829508110024257990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,18141879916764830957,829508110024257990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,18141879916764830957,829508110024257990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,18141879916764830957,829508110024257990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,18141879916764830957,829508110024257990,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,18141879916764830957,829508110024257990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,18141879916764830957,829508110024257990,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,18141879916764830957,829508110024257990,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
dca10955842a337d37f51abad01385c9

SHA1
f56ec57d49373c053e2bb2cbf389b13451ea3fff

SHA256
5515c3576a1da6706d1c3f26921fbac4a3fd27c7207a1ca448db3aefe4a8ec4a

SHA512
f777d485b64df19326f663d48daea9698bdc05f457c4a97b9e069a6edf61a8a75ac350842277c360c15f8573054af3cc16c17bb13b54a6cfaa05557c72b6627b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
8ad09df0fe72fc4a8dc692278e9af3d7

SHA1
3ff87102b36bedcf71d57bd4d9c5b2cbf79e3a3f

SHA256
c185c267e0c7a9a4e989a7be875578de2b0733b2cc6bbe8652d920d67d482926

SHA512
e2e7cb2c07e03b5fb823ed02a15ca00b340c4ef38de21c109baec7a5a069c8fcd675b95f6b8de9140a3626aada1b36b91d83ef37b7b6e721f4398db4d5efaec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6e1b6d9da8722c3a1d137456f3318ef8

SHA1
f454a1c6fcf792b4afbd30fa58c73e3cc2438f37

SHA256
2588ce6b22f32db38823fd82d14d74d783403e8dfbdab109b3ab03a8893dad88

SHA512
63f155037c9f6edc3fa11f9185bc14a19b708a28061a5357b402f54835fd0e84007216f614114adfa8a1ae2e860df7521e6f837b092653dfeb430666427a29a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9499ded71120a17cdfed1aaa150ef13b

SHA1
a226566cc03a754b8f94385c85855d937eb0383f

SHA256
aba571d468b17e5775cd837727d955073c11412aa7d39ac3281d174654a58e98

SHA512
9d11933a24df6cd561b87d42fa3cb51ce5bc393bd46b25db0b32cbed78bfdef1f9231ba853d7dd5deddcf5927b9e2c757d7b81a5d6a5f43806032ec1d6ee0900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
882f4e342370a8091b53191a43944e33

SHA1
0964a78a3830a94c68b547a7ff091f77db21acfd

SHA256
2510419adb5f5e45a46433d21cd1793b0e41a99ca0eabfb8d2f8c086e3cd77d0

SHA512
5f0d4048a8cc155d189fd58def1f140c25ae248b9b411e06035eb8d66422e453a371d7187c31cbe53df52b5c633c15e75f47eabcec84803e14c394dedf5fa5eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
91bf7aaba3a446a6ac30996394a273fb

SHA1
e9f89915dc3c622c4a618bda96ec679cb2d81453

SHA256
25f5ef53ab1e971818f6eb71ed9ca71629d443391138af509d68a1e7f1497a4d

SHA512
1ed251c17618b09810225e0b2186f342cae3083920650d07b16bf79f5a25caa7054ebb756575e5576649510b3df2e67b5f476d4925937502a2f2aea1402d8f9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7afba5f0685a9a4749c531424a2aa570

SHA1
554e84d5966186ef7bb205857fd9ca4e51b16628

SHA256
5afa32186f1acac78842eb876fe56b4b1bbae12e6b9b3367e9fc55b6b0e1d3d9

SHA512
80651511ecede7a49c09a58791fb47f79d3096889c36eb735041ac7d837836440e55aecb478c7ece84f8d7cc79da15462b768c31b2d70ae262216bf678d8182c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
03469a6efd2ab590701fc5b09f304942

SHA1
8c976fc35e091a53962434a1e66f84a1258fc075

SHA256
50db70a083ea8c1dcc3dd8aee77238bb6cf7b4060c3d5717cda2f1347dfdbb82

SHA512
692f271cf05a0f2d0edf38d50a6032189223523b7a6f2f4a9bb7178f0891b6f4c1ee1ba8efdf095f0e48b019b596b72332111a38ed2e35314403f5ab02043dd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c246.TMP

Filesize
203B

MD5
a79a8c316e8e2b922e5aaa047dba0b8a

SHA1
7371c675754a4d1f007905608e8c945bf92e4c70

SHA256
c1860c7380c2f2f419d3a6e2fb33dd5f851b4c17ac595c272d01100aabb320d2

SHA512
71ffb09360aceb970c13a20b0bc515f43d53d4ff96a2dff9764e6dfb68baa899374296a5ed458135604d6a1f8c687c790e1798846452b2c4cf33ae3493a70f29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
89c500cd7dbc8f54ead64b4bec1f1b96

SHA1
eb39fc8384926772a1aadfe530b8f3e680d36194

SHA256
d9bbdeb8ff756d8ba716b2468f3ec1449c17d2525ac991b0f62e51b4b9863658

SHA512
3f3cd3b14e44c42e906d09322e9afa395b1d5f3ea44fe241c09927d1bdfc1bf72fb3f8cac12ad1f9b4a3311e067eb1d8cbfc62ddbf282483f898a888a873d74d

Download Submit