2ef6f78830a838888c8f48974314a7ab89fa00caae5c5f1ee30a380f26a84d3e

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2024 03:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ff1f93c0c385633bb2ff13b84c1cbb7_JaffaCakes118.html
Size

165KB
MD5

3ff1f93c0c385633bb2ff13b84c1cbb7
SHA1

30e654a2f229a7d1be66ff63b5f53e259a52e0d9
SHA256

2ef6f78830a838888c8f48974314a7ab89fa00caae5c5f1ee30a380f26a84d3e
SHA512

097e592ff375a121f304e134121b185095a6bdff4e8dd24ef073ec2432b669c32e3193760f350d527b5ad85261e4015dd849f9fb968ebbed7fd1101bb812124b
SSDEEP

3072:LthO2EsEnRE6gblm0/T9gDstYpaNUVzlMbhcf+pZ8:L3cE690mR

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3748	msedge.exe
3748	msedge.exe
3436	msedge.exe
3436	msedge.exe
4972	identity_helper.exe
4972	identity_helper.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3436 wrote to memory of 4512	3436	msedge.exe	83
PID 3436 wrote to memory of 4512	3436	msedge.exe	83
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3728	3436	msedge.exe	84
PID 3436 wrote to memory of 3748	3436	msedge.exe	85
PID 3436 wrote to memory of 3748	3436	msedge.exe	85
PID 3436 wrote to memory of 1224	3436	msedge.exe	86
PID 3436 wrote to memory of 1224	3436	msedge.exe	86
PID 3436 wrote to memory of 1224	3436	msedge.exe	86
PID 3436 wrote to memory of 1224	3436	msedge.exe	86
PID 3436 wrote to memory of 1224	3436	msedge.exe	86
PID 3436 wrote to memory of 1224	3436	msedge.exe	86
PID 3436 wrote to memory of 1224	3436	msedge.exe	86
PID 3436 wrote to memory of 1224	3436	msedge.exe	86
PID 3436 wrote to memory of 1224	3436	msedge.exe	86
PID 3436 wrote to memory of 1224	3436	msedge.exe	86
PID 3436 wrote to memory of 1224	3436	msedge.exe	86
PID 3436 wrote to memory of 1224	3436	msedge.exe	86
PID 3436 wrote to memory of 1224	3436	msedge.exe	86
PID 3436 wrote to memory of 1224	3436	msedge.exe	86
PID 3436 wrote to memory of 1224	3436	msedge.exe	86
PID 3436 wrote to memory of 1224	3436	msedge.exe	86
PID 3436 wrote to memory of 1224	3436	msedge.exe	86
PID 3436 wrote to memory of 1224	3436	msedge.exe	86
PID 3436 wrote to memory of 1224	3436	msedge.exe	86
PID 3436 wrote to memory of 1224	3436	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3ff1f93c0c385633bb2ff13b84c1cbb7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd16f946f8,0x7ffd16f94708,0x7ffd16f94718
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,11544076237662282116,16886076707848041328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,11544076237662282116,16886076707848041328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,11544076237662282116,16886076707848041328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11544076237662282116,16886076707848041328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11544076237662282116,16886076707848041328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11544076237662282116,16886076707848041328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11544076237662282116,16886076707848041328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11544076237662282116,16886076707848041328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11544076237662282116,16886076707848041328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,11544076237662282116,16886076707848041328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6264 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,11544076237662282116,16886076707848041328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6264 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11544076237662282116,16886076707848041328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11544076237662282116,16886076707848041328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11544076237662282116,16886076707848041328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11544076237662282116,16886076707848041328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,11544076237662282116,16886076707848041328,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
4d7e71d59df8ef2bcee2d55b99208b42

SHA1
f638003424224581fb9ce88e6ac0a53996fb2519

SHA256
e6a4f65b70bfe37c692cc57e9dc75bc37970a95828107300e15d1bdbcb2b3821

SHA512
be171671aa58c06f92cb24917ffd7cecf3f7c7b0f908d7261426b3b34611102972491347d5b681767f690e06764bd39cd724fa4ab6752c45071ce29ae0dda9b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
aaec40d6bcd4b37fb2359d2c557822f1

SHA1
c2994e375b3ddf6e60d3e24083cc93c6d03c99dd

SHA256
599f7f5883f5a7356ad4060119adab6fd16b7b4da0b79484083ac8ee06c4dbe1

SHA512
2f7a6850c0af1b3f8dcb2fed1856e18e7cd393af66ab7d7288f9bb6eb060331dbdd0d758120cc8e4d918c57763cfb36be86448bec970c5df9b5f6c4bdfc9071f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
cbe86217d2bdc50e562b7896212c16f2

SHA1
ff44584983841a34dec001cfa228bda212a28c23

SHA256
1fe5ba0306ff0521217b77ed6795ae163d35ac9262b5206fe353f3bd7a6aed7e

SHA512
21f9400692732c492209afcd1b91c8d6db1efd5cf4a9e30a093014de2f858adadf7ed320cb7bb1cebf29bf1689015e7b48661b3ff2fa6dea7b163ccb220c0a45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
62d25b59f47468785be29ecc2e045083

SHA1
8118f262ae278826d99810bc0745951a0fb679f2

SHA256
9d13b56421388f9cf2c817372cc6c955163e93c9639138b0a1b4af96e77d03b2

SHA512
8b3604a0ae0225291adccc39e0c8f0249ed97be01cf043dd81b1e4bbb8c9c41077bec093f7c08a8c3941feb2d77c6af3792f70b1906cfe4b80e0457feb4be891

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e592101103c7b0532b642437daa3f599

SHA1
3af17ef3a42f2d5773d3531ba06601d3ff11ef84

SHA256
17928c17521e570d2ad73a83e857a9b49ba26e592576b4a0f28242068475388d

SHA512
77cf673770fb9c50fc4f5aca6b0e2efb2f42c143e8cd9f8f44774474b48ccee41f86909930f2727bf377d20330fc76d9706f9c9f925fbaaca8a9998bf0052d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ae2ed19ef417a3271e10e2b3df8fa1c3

SHA1
1772a70ca6485debff26209b80eccd9a0bf5baa3

SHA256
615b30f9bc61ff086b63e7bb6f02317439e59f16ce16b9ebade012f38e070562

SHA512
84c404c48596b23c4affeb5b39673fba47309d2a3c545f1fb1ae9ad8fcab5c39b1100d37e05f9d7459db25002c39fb142764a9e7ba928a05e1a32b2e1f24d097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
13c8f1a390cfa082084ba10444637e67

SHA1
e30c2b67088d7cbf088a3ded1eee968d25d93c91

SHA256
e72cf4bf37ddc822d11be67635715e13732735d1587497903a8fb44b1892b9eb

SHA512
463cd591eac9e1d788720a404f5ef7c1cbb97a4b1fa01345b8aef5bbda3bd14635340a9536621ea9233ec434c964564eba2cc8ca363d4a12d7140580b698a4e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dbb76f010894c6da8721a158e698b4ff

SHA1
7f1b980496a8068ea8184d111cdc504e9f580ae0

SHA256
ec04c5e62618864b64f28ad5fd4d54eb5f527ab1fc15306d7a81b13519266ff8

SHA512
4a0a27f9b7d2a15c4c3e1234de36160b45bc304579bb8f840611e6560d10684dd2b7e1d31cf562b4bce50bcfbb97ce5b1332e19bafda949c512e17f3186351cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
6642ceb6076c1889108ab8bf8d68ab73

SHA1
098f99dbc9769e3b7ed84b91a768b00d03de8c89

SHA256
ac6dcd7a96b57442cdb45ae1432a98fe26942318b61202e4263c8be41b49fac5

SHA512
080ab3ac2741a773f155db0fd98462bf124d76247d97c7a739137cfa50fd6588a973f187e5ca58713af70bb81d46824b5f704f8dabdc8a42acaa500a834e04dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ab4e.TMP

Filesize
204B

MD5
86504d2714986e9d6282cd26156e3c74

SHA1
9a1d776ede0b211319f90538570d693aa0c25b25

SHA256
1b6e4679ef043e014b5e41fd69e73869d3872d32d7ce418a2146d5a9f4d4e904

SHA512
fc9283715daa08f18b13b2771340089498d5473324242f86f9f8668fd56d5a4de8c4aaa6f97d9d978f8eff49459d8f44e49e575d04924afc10116fe68bea71a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
779e6c739c7871a80882f5266ae055c3

SHA1
bb96891c755369e838d81072e8c8db9ccd431b97

SHA256
9b4c6c284de10b5f513f10fb0fdacf85efec1bdb8df7ab96fc70cbd04e8b8c62

SHA512
4f05a29f12bda2d70415bfdd21602e7298a024766fa855bedb14e3768fe991d362541325f47dc1379a53f51bd72024f8130be74d37c8f45db346c197bd36110c

Download Submit