bba6be87fb059e51467a0c943dcd02cbdd8d14f35768801d20f12757a4340e98

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 08:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2924d4609f1eae38dd4ecb2e90721b31_JaffaCakes118.html
Size

149KB
MD5

2924d4609f1eae38dd4ecb2e90721b31
SHA1

73ebbd6fa65b16141aa5cc0186a6f522ebb7ef5d
SHA256

bba6be87fb059e51467a0c943dcd02cbdd8d14f35768801d20f12757a4340e98
SHA512

8f13b79c5e010c95b944fa895990af56d930eaf5066506ea0b2e3edc9b093826c47a58e766d8b3c233c4987fef59d52271bd857e1742e26d32619f70cb1fbaa7
SSDEEP

1536:EycYYKHZ8BLYHz0oTOGOKXxwngsoAD2gGDNtiGpuTY+jqOLOc/O7OHdJyjEVftnB:EyhTHC9YHgNTRLP2S9JyjEVftnjQY

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1984	msedge.exe
1984	msedge.exe
2712	msedge.exe
2712	msedge.exe
2020	identity_helper.exe
2020	identity_helper.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 1684	2712	msedge.exe	80
PID 2712 wrote to memory of 1684	2712	msedge.exe	80
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1536	2712	msedge.exe	83
PID 2712 wrote to memory of 1984	2712	msedge.exe	84
PID 2712 wrote to memory of 1984	2712	msedge.exe	84
PID 2712 wrote to memory of 4820	2712	msedge.exe	85
PID 2712 wrote to memory of 4820	2712	msedge.exe	85
PID 2712 wrote to memory of 4820	2712	msedge.exe	85
PID 2712 wrote to memory of 4820	2712	msedge.exe	85
PID 2712 wrote to memory of 4820	2712	msedge.exe	85
PID 2712 wrote to memory of 4820	2712	msedge.exe	85
PID 2712 wrote to memory of 4820	2712	msedge.exe	85
PID 2712 wrote to memory of 4820	2712	msedge.exe	85
PID 2712 wrote to memory of 4820	2712	msedge.exe	85
PID 2712 wrote to memory of 4820	2712	msedge.exe	85
PID 2712 wrote to memory of 4820	2712	msedge.exe	85
PID 2712 wrote to memory of 4820	2712	msedge.exe	85
PID 2712 wrote to memory of 4820	2712	msedge.exe	85
PID 2712 wrote to memory of 4820	2712	msedge.exe	85
PID 2712 wrote to memory of 4820	2712	msedge.exe	85
PID 2712 wrote to memory of 4820	2712	msedge.exe	85
PID 2712 wrote to memory of 4820	2712	msedge.exe	85
PID 2712 wrote to memory of 4820	2712	msedge.exe	85
PID 2712 wrote to memory of 4820	2712	msedge.exe	85
PID 2712 wrote to memory of 4820	2712	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2924d4609f1eae38dd4ecb2e90721b31_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86fa346f8,0x7ff86fa34708,0x7ff86fa34718
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,2113617141418074059,7079245570875765281,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,2113617141418074059,7079245570875765281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,2113617141418074059,7079245570875765281,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2113617141418074059,7079245570875765281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2113617141418074059,7079245570875765281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2113617141418074059,7079245570875765281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2113617141418074059,7079245570875765281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,2113617141418074059,7079245570875765281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,2113617141418074059,7079245570875765281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2113617141418074059,7079245570875765281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2113617141418074059,7079245570875765281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2113617141418074059,7079245570875765281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2113617141418074059,7079245570875765281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,2113617141418074059,7079245570875765281,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4812 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
c877fea2a4b10746fdc9973e95872eee

SHA1
e709db159ccc48338ce45cd75f44d9b6b6e86249

SHA256
67ce7efdd9e285a8618082ba00602a3caa2bc89f77599590ed2f38eb5c10a4f9

SHA512
d061e80fe8fe5305049f872ea796a98bce93407d65d7fd611a79455b1edf2288a125da26dfb6a1569d0cedf9f0bc2507c9b296300a4acf7874eb7506bf281b12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
1bff8b93112db14eccdfefeecdbf511f

SHA1
2869258a27dcf5e27f6a8f6a222b77b1f5b85ed9

SHA256
7e46cede20543f59829c8e255816500cc04fa6531999386ce4a6a13cfbf5a5cb

SHA512
999a769fa0dd9d1dca699e261b9f9e1944a8481a096a4f07d17b155d5e2753bc9b3ac05c451eba85263ca69c6900d721dd4f2e692179f55153a7c6e6d20cb80c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
09ab80c800df05a9e744a158c7a4089e

SHA1
dde6c59d3552c05e0e2080b24cd134c8b0c3bb47

SHA256
03bc44f9aad67baabbcb72f40fc40e5de0a8ff7b577e3f80569ecdec38fd0232

SHA512
4226eb978f0a2865448a1838cd8ccd3a7af95f8acaba19b87f0675b37d9127165839df224070b5ee07d05a4c7e5c11f9514d7a5957dc191408080132ebb25dc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fd86f03713f6b01440f7a470513056cb

SHA1
0f8e3f7cf7801b6e2d7dea94287fad1199581d65

SHA256
0cd25ba982df62f5efca35492b818fad568bf4c801b1490292b179f188a16f03

SHA512
b5f2711318b276d674ec87a3760c757c986aa003ef7d5b90cbf6876f9d0de650eb1db581c488b8a211a6c5ad5f45b38129a92656782404ce361b5d141391357b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e5d8ad8d52a866e75c55d18a48ef959f

SHA1
1db0a91d990f6bbe83645e1e14a78ecc4b5a6f16

SHA256
699e213c19b728ac9f8d7b82af88530aa98b98c91c849b67343e3c4ea8afbad7

SHA512
eb0727c77ee276c4603917ddfb0609902b0e1d01306b5e5e954122572efe46149eb2ea862f45b8303090df69e139fc65261fbaaa96f4acb3d181653ba56629fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cf39d8d9dd88b92830618cc75ea4a575

SHA1
290a74d646e0710802ef764c9ac0f6e563c24959

SHA256
5b12251a134c35d123412497e89dc151c6497e13fad3748bc0b05d8009af1cfd

SHA512
ce9fc4a451085aa1adfd136920827aa0155fa2304982374012c9f980c0e9769c7e0318881c37f92f5ac311af58981a46bd5ae6992bf12b3197d8ed685d589d76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
024ad825e3cec67ea131a802998f18e1

SHA1
9b22d687dc4373562ca7796280935c384a9d229a

SHA256
6472db5683a92cafaaf57d08f316b1f073a402621f1669d6f795fb058afbce79

SHA512
c6cb5d74e27a952e8087025418e86b630bc8608b3aa3ab0bfcd9c40492184ab9ad04e4f78200507a8a88e3c85d6c1a6a7afb5466818707b84aa80e99ea2b499d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
d6dece4b175b1ebdabb72e1f3f1e28ff

SHA1
5d5831121148fac1ae9e224c260416f8795fef0b

SHA256
51b8a8ba1bd5c788e8c31171dfef67075802187e2fe62c887b3e18d08bde6077

SHA512
5f7218df3d301e1dd2df3af196bb75733c7a3bbc4bca4e43ceff289bba46bb5cc409afc8449caa48417e1ee209f0e67f1ab08634d556ff9764cc8e593e4dbb70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a018.TMP

Filesize
371B

MD5
315a111fe4fd56af0a532ac6a4b7199a

SHA1
ae0ea72262907a44dd359e63518bdc58e1d6e84c

SHA256
eace5b34d7e875a8e60e847e3baa78da834599aeeb96f9952b48612f737b6c76

SHA512
3c71ffac63c16d775011c3aac172b13411afe7990eeb606f07710f2699da1859c8ef5ee76f9917920484f67f931444cdacede125bceb0c0e996f134f86fa1350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2503892014a2b272b6d674f49723a1ff

SHA1
0298923dc6507f99984268abd2f9512ff6af1987

SHA256
16d21955e67c136324595063b90f527bb3956fd97719c7ae841ce5f9450f7791

SHA512
94889c8d508e6762247a4313930e819c3ffa41ba204241c7ff9719f700f03fd5cf5b564512b58d3ebec8d1fe30333aeee67683ee25af5a83a051f3baf38568ef

Download Submit