7e116c139b44b25831e2b536c7a70186e272477f9d179683ae1196d64c71b833

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 17:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3bfc03224b7886ac83348dc4dd3488ea_JaffaCakes118.html
Size

156KB
MD5

3bfc03224b7886ac83348dc4dd3488ea
SHA1

17ed1b190fcce0008c2cc41b83ea2abca7dd7688
SHA256

7e116c139b44b25831e2b536c7a70186e272477f9d179683ae1196d64c71b833
SHA512

b1f91b0087a95bb742b8b60e454deacb7603ceac869dec2e099ff8efa7ea50340ff11e95909afe6ebb4f2cb5293ec0704edd6116bf010f85d15a9d2ebe1a8360
SSDEEP

3072:sZKYu8M6beyJjy+MaifkdfARUa+S94nAnWhY+CAMOHBd:sZKYuijyZUN

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3196	msedge.exe
3196	msedge.exe
4296	msedge.exe
4296	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4296 wrote to memory of 4836	4296	msedge.exe	82
PID 4296 wrote to memory of 4836	4296	msedge.exe	82
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 716	4296	msedge.exe	83
PID 4296 wrote to memory of 3196	4296	msedge.exe	84
PID 4296 wrote to memory of 3196	4296	msedge.exe	84
PID 4296 wrote to memory of 1136	4296	msedge.exe	85
PID 4296 wrote to memory of 1136	4296	msedge.exe	85
PID 4296 wrote to memory of 1136	4296	msedge.exe	85
PID 4296 wrote to memory of 1136	4296	msedge.exe	85
PID 4296 wrote to memory of 1136	4296	msedge.exe	85
PID 4296 wrote to memory of 1136	4296	msedge.exe	85
PID 4296 wrote to memory of 1136	4296	msedge.exe	85
PID 4296 wrote to memory of 1136	4296	msedge.exe	85
PID 4296 wrote to memory of 1136	4296	msedge.exe	85
PID 4296 wrote to memory of 1136	4296	msedge.exe	85
PID 4296 wrote to memory of 1136	4296	msedge.exe	85
PID 4296 wrote to memory of 1136	4296	msedge.exe	85
PID 4296 wrote to memory of 1136	4296	msedge.exe	85
PID 4296 wrote to memory of 1136	4296	msedge.exe	85
PID 4296 wrote to memory of 1136	4296	msedge.exe	85
PID 4296 wrote to memory of 1136	4296	msedge.exe	85
PID 4296 wrote to memory of 1136	4296	msedge.exe	85
PID 4296 wrote to memory of 1136	4296	msedge.exe	85
PID 4296 wrote to memory of 1136	4296	msedge.exe	85
PID 4296 wrote to memory of 1136	4296	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3bfc03224b7886ac83348dc4dd3488ea_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5eb246f8,0x7ffd5eb24708,0x7ffd5eb24718
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6560375269248141031,14494608154980578480,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,6560375269248141031,14494608154980578480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,6560375269248141031,14494608154980578480,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6560375269248141031,14494608154980578480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6560375269248141031,14494608154980578480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6560375269248141031,14494608154980578480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6560375269248141031,14494608154980578480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6560375269248141031,14494608154980578480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6560375269248141031,14494608154980578480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6560375269248141031,14494608154980578480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6560375269248141031,14494608154980578480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6560375269248141031,14494608154980578480,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5396 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6560375269248141031,14494608154980578480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:1268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
46KB

MD5
ac83857f0497a4a0e7669329827cf228

SHA1
18ea483c966969e43a654fcadea9719a8aca370c

SHA256
43337a1354f376890cdb73f3dbaf95a8027761c574c30cdecb321096be485d3e

SHA512
6a35c50764d31d4bac07ddbec2329238cd04f2c58c00629e523ae7fc2a7d6be5d1226f8fb6c3c1043b215c38c47951a66fa8a9d4f4d6ddce7664bd1d011db2aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
4626dd2198e3a8d724fa9160d0e60062

SHA1
bb5c31745f3898b9fc6f41e730c95cb8b5eaece9

SHA256
b1316a6807a2d403909c179a51324a0d31cb8b3d808eaf991c685c34b6889693

SHA512
474567b529ade6a83363617fa94f81244a7dbd9ca07fa05616848fafe8e449c5313d59f0183054cab7f4323bf55663f7f6182c0b5c6c921b9454d762db492182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
95KB

MD5
02d636bdbd660e57abebb342346aa7c1

SHA1
329164e5c36bf81b028d88e692a7d2fc2ea99b31

SHA256
cf015ff8b1dd0132eafbfc6a67b7f0b778a53688bdb66329c2798814d43ed42f

SHA512
b6ed4c06662295d22b6c35588c4c61b7cbbc005d8f7b33ff57293b78893dbbfa686c9d8efd478e516af97ed7caf953d22690ecdb9628348ed774f91f17972db7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
118KB

MD5
dce1011360b966da40f760b23df1b72e

SHA1
4a463114391945d341c29c85892a20d1dcf5eea9

SHA256
a5e8a84b045d2b31be72de1f96c9f21afc6cc2d80d361ef1485d3e0697600e9f

SHA512
462a924c0689da10edf417dc9ff7176dab361251d18bd173adf175588c329684ae136ffbdde5a9da459562784c40443121cf5f73b52f86a1431fd4a23da0d563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
20731267beaaa93d0bd4daf16a5714cb

SHA1
712dda0417863d404dddabbb9ef8d6fb8bf4c373

SHA256
714a8d78daa61f6b0dfbb0d6610272651e7fda7068e40576699a9308550451e9

SHA512
df50e4b540ecf96d5fbb5aafdbcb65a9fce3a81f22dfbb3684f078c5f926b7030b58dc9ec31c1ef83d6ebdbd6bd5df2f36a0ba747ab0125ae4a3c7b52d6ec104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
55547a4cf738028d9d65d47a28f58d25

SHA1
185c8c934b216a30f0129a7f85237a188885fd8d

SHA256
25f75fed69b925be72aef0bb6845e92c922770e81c13fa8b8f33e1cf2239d4af

SHA512
741c988d898631e6990c59bdd4c9477901000d8185303fdbaf60768f5b06f3e7d138f967898c5f058051de639b8c5a79a359b7dfe851407a426b7a1f2cf011c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
d452e7948d300eb4d6a10399d56e195b

SHA1
cc590d8046ead9f40de6df161f3552be83234201

SHA256
1f01d6612e84e2f093dea24f57b193c41f034ab494431352a4b18e38ce0f5cd6

SHA512
ec797591dea001b4bb0d8e67fe9e57808ce32c8aeb5a4804055266e560b092ad4b37a7c2db47f5de04cd92092f33d2313127a689405e6f7d0a525c06e38b9cf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9359102f96db41d3eff92470416d9ea7

SHA1
bb2274d06507de7d39d15af59b3af01e56567da3

SHA256
bcee3a52487632e06bc762a1e6476366422fe53b2596bdc6e918ec44f1eeabe7

SHA512
8d1bdb52a41ceabd800d9cce30bf1c642eed5c1cb946cebcad8fadf809d234d7e670602229e67b1d982dcbb494daf4c9df93217a1ea5947787605901c7c1d750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53c98a68e38c81222c5d82f74e5a8e2f

SHA1
0863b8a806ac06fd3a3eab82bf93a8aebfbbded1

SHA256
22285423a5029f9e477b575a973f4c14d2350d2eb66d6c0b3e8befcd1103cc77

SHA512
5bc556f41b1cd210c84e30668dcbe16f1082b3d98f71d9334ea34d51eb51b97358424ff650ac5fbd1221409c51743f19fa53121181a099e8ef6c5ebbd4364a17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
dd0debe54b2a5f0063fc0287b0e4594c

SHA1
31ab9f32143b1c86647eb77c1cf3fc3692578527

SHA256
014f76803bea9d022b8f1f96a2ee31396667ead517d26420be562c267a86ef1c

SHA512
bf3042f0cf616aca85eecbdc7860c109e13242dccb33c7d684b022ab2ebf0c7e7c35709a7d12044fb76b217ed93f79742c54ce13874874bebbfcc7ded6fa1730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d97cdc46ee69367fbd264e1dc4c5bc7c

SHA1
f156eddd57a3793cb95f57243d1972416d39bafd

SHA256
7f6e3760cb0a5e78a92fbc0efb14f0a455873f68e31c67fcc6970eb4808d1f54

SHA512
5adffcdf51dda3578916b5bf85d1359b74c7aef63da6aaf0afa931cfa6d8f84abc18e8c477a7456068da27a3601de2732645d5b6c8258e78a0be733821af2dc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bdf1.TMP

Filesize
1KB

MD5
1e9f4615c4e47f7350318ca073a05b7f

SHA1
00ef820193236e4403bcd6fef98d412ccbdb9389

SHA256
7e7256d50c5a984b3b332cce86f2623d51ebcbdb0d58cc8dae49bdfb0adbd7e7

SHA512
c1abf4af443d453683d337bcbc790863d02f33d29bd404dfc5a500fe4a4768d136410eb3acf596b0e25694a3e752bf6e461c14f2a97f5879242969526b0fc9a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
95cac1d89922c995e7fd2ac96ffd1c25

SHA1
c6f7866e84987fc13c341eb711b61f04c0205200

SHA256
d07577da6d47f765b0dc5e05eadd6d233f120584e84f86db91e81534ab789285

SHA512
5504d76c1262fc68375805186e1beb00607da52cdec2f6109fd7792665e15b1e2533359ba5bec527bc874d7cba126ad82d1617db534fca029f958eb240c95ebc

Download Submit