52b3553e0619e95d8333af4260d725628c14e99a130540d5792e7ceb01e9b4d9

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2bc60bb80cf3502affa41cddf34b4de0_JaffaCakes118.html
Size

159KB
MD5

2bc60bb80cf3502affa41cddf34b4de0
SHA1

7650c1c38fa265ce8f9f62764eaf111424655810
SHA256

52b3553e0619e95d8333af4260d725628c14e99a130540d5792e7ceb01e9b4d9
SHA512

fd6ea58826e55b409d6083269bfb48922adcbc0921310a539670533dacbe1c83873def169400c1fb74d6fab3655bbfcf7ffef7e078a2cbc290c8a05137ee0feb
SSDEEP

3072:lN1ZLMEGbbmN+sccp/sLHIEvYZbNhpBHwT+1QAERYGuFNu:3MEGbW3ccp/sLHIEvYZRhwKw

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5052	msedge.exe
5052	msedge.exe
4132	msedge.exe
4132	msedge.exe
5028	identity_helper.exe
5028	identity_helper.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4132 wrote to memory of 1616	4132	msedge.exe	83
PID 4132 wrote to memory of 1616	4132	msedge.exe	83
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 3424	4132	msedge.exe	84
PID 4132 wrote to memory of 5052	4132	msedge.exe	85
PID 4132 wrote to memory of 5052	4132	msedge.exe	85
PID 4132 wrote to memory of 2676	4132	msedge.exe	86
PID 4132 wrote to memory of 2676	4132	msedge.exe	86
PID 4132 wrote to memory of 2676	4132	msedge.exe	86
PID 4132 wrote to memory of 2676	4132	msedge.exe	86
PID 4132 wrote to memory of 2676	4132	msedge.exe	86
PID 4132 wrote to memory of 2676	4132	msedge.exe	86
PID 4132 wrote to memory of 2676	4132	msedge.exe	86
PID 4132 wrote to memory of 2676	4132	msedge.exe	86
PID 4132 wrote to memory of 2676	4132	msedge.exe	86
PID 4132 wrote to memory of 2676	4132	msedge.exe	86
PID 4132 wrote to memory of 2676	4132	msedge.exe	86
PID 4132 wrote to memory of 2676	4132	msedge.exe	86
PID 4132 wrote to memory of 2676	4132	msedge.exe	86
PID 4132 wrote to memory of 2676	4132	msedge.exe	86
PID 4132 wrote to memory of 2676	4132	msedge.exe	86
PID 4132 wrote to memory of 2676	4132	msedge.exe	86
PID 4132 wrote to memory of 2676	4132	msedge.exe	86
PID 4132 wrote to memory of 2676	4132	msedge.exe	86
PID 4132 wrote to memory of 2676	4132	msedge.exe	86
PID 4132 wrote to memory of 2676	4132	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2bc60bb80cf3502affa41cddf34b4de0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc77946f8,0x7ffcc7794708,0x7ffcc7794718
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,10557889554314202995,1217907423572334766,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,10557889554314202995,1217907423572334766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,10557889554314202995,1217907423572334766,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10557889554314202995,1217907423572334766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10557889554314202995,1217907423572334766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10557889554314202995,1217907423572334766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10557889554314202995,1217907423572334766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10557889554314202995,1217907423572334766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10557889554314202995,1217907423572334766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10557889554314202995,1217907423572334766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,10557889554314202995,1217907423572334766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6924 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,10557889554314202995,1217907423572334766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10557889554314202995,1217907423572334766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10557889554314202995,1217907423572334766,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10557889554314202995,1217907423572334766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10557889554314202995,1217907423572334766,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,10557889554314202995,1217907423572334766,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3740 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
ca5696b253711dd9f21d22f7757ef81d

SHA1
3acbabfb06c125671f43673148d2706cf475c843

SHA256
c2e7919d3117c4583e017511a28d670958f0f1f72aed35e110787127af2bd0ce

SHA512
5c49bf8e80a0eab37dbb292675e72e0bf737d8a59891678260df15b00c4eb8cc12b8d5885ddf4939df370cb723096dd57cad1495b0fad3477213509de9243bb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d2c3c0d42fc1fdbe98d6889452c107e7

SHA1
fff8406a78976949fd6df7901c8d75acc180660f

SHA256
c251a71f0a46aec311294149e3caed2d7c6c6dedb85f947ca9138e9412fad7a2

SHA512
a30e4d42100da3aa0f3c0f3b26e52ed84845f9175c09916f6c07d123ce5af8994d429a9a4cf8ff702aad4d6f49ec97b325261edbfe2e6dacac8b198e8800bc79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
3fd94b1d768e2b761407b12f441c2248

SHA1
5bbba0344b7a95dae20c7f5f79facc65cb573d03

SHA256
0eb56f5391f7ced8da279d3fc126cb56db4fd60dcd32f882f212006d696dbc01

SHA512
951a753fd949c9f7266947ffdb67159c1eba97eaa51e6dbe16f8c802f916b17564ce719b40956d4c85065b713991f92d52e4d448966271e23ee635d051ebb37b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d11d9f515d27fa1392b5aca2f486307b

SHA1
f776e2064f90caa607ec9d57c5b3fe2d04fa7d64

SHA256
017ff672695becc81085b59c80102eef64b52aea454bc6d88d5b86bd7f6244fa

SHA512
a4a84e308e3733140dc264fc7d791efcf6778e216c5460bc3fca8f79c968ae47edc5540e75c9b11499d73123537df94bd60d8b02cb966529a7f3638d471e4034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4715c8598c2d7e98f701080b2b90876d

SHA1
88990b6a71c5bf926cc4f0fc7be34b6096fc3233

SHA256
1e72200ca778ed0ad9725afaaf348be0de81ac697f4fea004a48fb7ef617d93b

SHA512
4c8c3d3b59f5c6d44d4564870ac7072e67368d25a68d3e8e9c9042d91dda4dad3b513ca0fcafaf483c356c6b7b4341241dd9a8a9beddd511cca91a6e712db2b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
17670a59f448329b68ba6eb5d32cb73b

SHA1
1ede6fc797b9369a2e13a697482ecb607ca9d4e3

SHA256
2fb4fe98a55543fdac3f823f0faa7dbbaf1a615c15ab6921508c66e3c9fd33ef

SHA512
05333bfe995874e1f55ece6d76b2e8a6ec892c8fb92fa72c3e14542a212991e145a1d776d1bb3a7ae16cbd712c59e2f6026b7814b6fcb9175004ea77e3f69a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
56dce8cb63cc41e19cd8f3d1ee55a78d

SHA1
03f2992524b27a7b1f5a8d91f95af0275caf1cba

SHA256
11ac97ec98261ba1e559baec10d4154e0bd1a8270a5c1639ea7eeaa16ca19bca

SHA512
e519e01c4d69479214828122ee477b77b0897c4eb19d6508ecc6666dcdb3dd3cccde20368b45db0b71d9c34d4a896dc52f708aeb536f8a894428e6bd9e01b27a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dbd9.TMP

Filesize
204B

MD5
0658d2d22029a101ffbd943da5eb69d3

SHA1
745600d5c72dac51d2fcbc1d17b0c52923df1f73

SHA256
47f93f72d73f8deebd9d0747a5c4d8b795888dd34278f28ad93eeeb95c1fb965

SHA512
80bd4249094027b029c00023355d208e619ffb19acb67859615ce14165cb654eefcd5db9155f59703bc00c744622d786b99a2151499db74137903ebdd094d01f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
903f23ac2e9908b8881c1e7991e59e30

SHA1
b3ff98f397ee0445950050298b1a35deaf058443

SHA256
3155aef46fe50b2def3cc62c6332aaff0c9348010b36bc4aa648eeaaa63fc47f

SHA512
e9f6a16f3b3e84b96640241b23d355530ae7f5c9d445c127685cea4a7e655a95fc80ec6870ce778f189b082220769bff753a01a65d394e93a286dd55c2c09c7e

Download Submit