a30428c2338ce7cec64f24a44a0e88c95383eb895a3af04d741d9b879e147e5b

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 18:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b4ae4d0ac93e0c8cc5f84611bc399ce_JaffaCakes118.html
Size

34KB
MD5

2b4ae4d0ac93e0c8cc5f84611bc399ce
SHA1

55984980068a3beab6d2529564e4c65b283524fb
SHA256

a30428c2338ce7cec64f24a44a0e88c95383eb895a3af04d741d9b879e147e5b
SHA512

ae105202851dcf5f1ba705a35f1bff6fdf4e38043e50d2b732b7b4edd96cae16f91e3b44e58ecc31b332fd7208a790c00e8b71230088ebdd82eeeb807b4885a0
SSDEEP

768:mmrUZeHdjzSayASsQT02gA0uwWHAaY2n26l3cDcKhb:m4UZeHdjzSayASsQT02gA0uwWHnr1cI0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
3968	msedge.exe
3968	msedge.exe
4800	identity_helper.exe
4800	identity_helper.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3968 wrote to memory of 1008	3968	msedge.exe	83
PID 3968 wrote to memory of 1008	3968	msedge.exe	83
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4416	3968	msedge.exe	84
PID 3968 wrote to memory of 4880	3968	msedge.exe	85
PID 3968 wrote to memory of 4880	3968	msedge.exe	85
PID 3968 wrote to memory of 4392	3968	msedge.exe	86
PID 3968 wrote to memory of 4392	3968	msedge.exe	86
PID 3968 wrote to memory of 4392	3968	msedge.exe	86
PID 3968 wrote to memory of 4392	3968	msedge.exe	86
PID 3968 wrote to memory of 4392	3968	msedge.exe	86
PID 3968 wrote to memory of 4392	3968	msedge.exe	86
PID 3968 wrote to memory of 4392	3968	msedge.exe	86
PID 3968 wrote to memory of 4392	3968	msedge.exe	86
PID 3968 wrote to memory of 4392	3968	msedge.exe	86
PID 3968 wrote to memory of 4392	3968	msedge.exe	86
PID 3968 wrote to memory of 4392	3968	msedge.exe	86
PID 3968 wrote to memory of 4392	3968	msedge.exe	86
PID 3968 wrote to memory of 4392	3968	msedge.exe	86
PID 3968 wrote to memory of 4392	3968	msedge.exe	86
PID 3968 wrote to memory of 4392	3968	msedge.exe	86
PID 3968 wrote to memory of 4392	3968	msedge.exe	86
PID 3968 wrote to memory of 4392	3968	msedge.exe	86
PID 3968 wrote to memory of 4392	3968	msedge.exe	86
PID 3968 wrote to memory of 4392	3968	msedge.exe	86
PID 3968 wrote to memory of 4392	3968	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2b4ae4d0ac93e0c8cc5f84611bc399ce_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8a7946f8,0x7ffd8a794708,0x7ffd8a794718
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,12921826849846479124,11654765411846662045,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,12921826849846479124,11654765411846662045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,12921826849846479124,11654765411846662045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12921826849846479124,11654765411846662045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12921826849846479124,11654765411846662045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12921826849846479124,11654765411846662045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12921826849846479124,11654765411846662045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,12921826849846479124,11654765411846662045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,12921826849846479124,11654765411846662045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12921826849846479124,11654765411846662045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12921826849846479124,11654765411846662045,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12921826849846479124,11654765411846662045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12921826849846479124,11654765411846662045,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,12921826849846479124,11654765411846662045,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4144 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\063dd3c8-13f7-4ccf-ac55-8991569afbe8.tmp

Filesize
5KB

MD5
8cd212e83c99680917e5dce05dbb4f69

SHA1
f10aa1e5aa37891613c6996f0376c165304302c0

SHA256
af08274f9c141eff1194acc0886e5be3a4f274f45c26a1b84f86db3c5765ba7a

SHA512
208b9a08c6af0b58a400c138235e0fb959baba8a2ff333f2ac660bff76e7d16652c6afffa1374d51711ba78ed3761808f2576fae87914224f8d7f13e006cb7e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
f69f5a41f3e3a3ac35a81505afb85b5e

SHA1
345212675b3155e9a747050c02e03078d66cfbf2

SHA256
96521d74916a78be2621bfd4264138b36183e82824cd2bca2dd414805c470596

SHA512
6856cd97ca9ca954ed28d7c7ec55b93960574b83ab11feac1803229a7363ff0e003bebb9f8a849b165c26264c020ff1687253778d38d95bedbb70bcc29e29790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
001ffad858034f2479ef3724169cc463

SHA1
923c58bb14e213803d9eb4551f7375fa5f89f585

SHA256
935e74951dd47697b5d184cfa680f9d18d68a7fdc5e3524b322822642deef8ed

SHA512
08f75780cd09f398ab94b07c3b084cd2b64e20d653075f8dbd2ab3a3ba796904b599b94bc469e97b050c853fa7a47869a5225903de51ce44c61ebc656bc0cd79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
27523423c8ff274b800cc3cc5461d0cd

SHA1
1af0c9afc4c7f9161c4fe2fc6909c43961c00da3

SHA256
4b554f11c5963ed65f40a46c9cf204d6794c7367877dd109c036a7d325f2c3f4

SHA512
cf58b52b1316a4a3fa1b5824c69787d83f4ff3f15e2a10618c5b236b314adad78fadc1d9cba2d8781111d6739f74c9ced50ffc2af6be54cd010565746b6fdc60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c8d2fe272fb2edddc098dd3b32ef2867

SHA1
bc8266d2969beaf8a5aba05cb570c5d91fae9f96

SHA256
4777cc4dcb5b5ac0a8774435e446f94cf6fee6e61765ec3ecff705719fbf7e85

SHA512
3ede19a8301c28c8cd967252832db88d79a2e437f676bdc564b2ef77acce0bda3e072c7266c75e893fe17d7924aa48201101860bcff5bc8685584c460e3b9556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b12964ef9ddbe04d53d9f9a398131c51

SHA1
6e278cb6d540892f1619924b5380ede8b70a0f4e

SHA256
7af84d68e19db1f0db2d0a5459c5e3598848a3f5d5eeb1801bbe8bfc74306ad1

SHA512
aefbed5baa3927970f26ceece17f84f55f9ad862aeb075c11ef62d8df47664dc9163eef85aa7c03e2dd924faca81df2c20e66d9c756773b26ecfb129683382cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
52c7b2a9c4ddb10cbfd92bf67b132547

SHA1
af847db3419672dd2e934dba79f2700f88d0e41c

SHA256
34a91485755b4d45a43b86b69fb0cfd390c73d899c6606cd3a62aae675086d35

SHA512
05a8968ae5c1045aa0ed4d5854e3c61fb71bf7c6e898b6f1136b835d4522f24b727e87946ab204d802311f7757d22a07448e4dd865ed6eb40fc9e26f5dda6a4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
473df78187d7137f91fcf678e00a2e2c

SHA1
8a188b9c225e999bd2c024da2368bf13bfd74e2b

SHA256
3a33fa8ec24dbe253813aee677b14bda3015ae72e739231745026c9b736a3bf9

SHA512
114f3936235a3033dc778f32192cad3f2cc7c540401f394aa32dca3b0b94afbb648dcaa167eef8f33490fb9359db9b12dcbf499228f4bbda10299fe5a9d45652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
696B

MD5
5e248165f7d8d383339492ddc124d61b

SHA1
2185f3307fdbdcdcd62e62e0edc09a1cf46b1597

SHA256
e04ea54637068e4b513b40f1c5153ccb0be43b244c47ee2806a8a0167f64b01d

SHA512
23308406bb16462029272154669dc858a21aa5cc751197a277fb212602aa1f5bf45d50d19e53ed127ea6cdcd5660cb2cd5a3e1cd355afa9fc7da7afc31edba92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
698B

MD5
6e755b23c8f345b473648b8256252f45

SHA1
be47790aa5dad4fa587324f25b703622fc78f8f6

SHA256
d84737246be26d1f41b4ad908eea56dc1fbbca1c7cb7279a68ac8a5fa8376dd5

SHA512
727dfc4ca403f550a881bd46e225570c1db284e32a620f236793702afccf4db2f6a3ac171bb48302978629947f126c7b34996881aaa6245b1f9cf5be80a12886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57aa4a.TMP

Filesize
201B

MD5
386a512b9e33a8933d55467350479172

SHA1
07c9262ffcc3e740609fb0acba555d78108b4ce0

SHA256
6de370478ec7a8e33a6b5e33d808a45299e8818fdfc8f8a8cc73f545db0838fc

SHA512
b553884521fab984203be10115d6937d441cc44826f9e3fd463449809172b8f8a2fc81ae17957080d556dd9bd3b7ca496c1074d53685b90c994ad66498e41970

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
25027988349358f7261e6e2d1d6c49b2

SHA1
ae005292de05dad43fe4e9acc1ef623474d1232e

SHA256
45ecc66a0a588cc643619de7eb002f1a601b681d3d5bce1b2c358f214c90c10e

SHA512
dc1d309a6477eb6abcc71d0675bbb15a19acd028942303d85729d638d2d681bc7762799e032464e7148a27b56758f3db10f4df8e215c2459ba43015113e90df7

Download Submit