54fcfce0fd309d9ea98918264dc2d4602844d0597a2b4e473080cc04dc5dff07

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 06:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be129abdba1e2c30446614ca4b624fa8_JaffaCakes118.html
Size

103KB
MD5

be129abdba1e2c30446614ca4b624fa8
SHA1

0d431d5e388be28c840cc73e4bf10ae41bd7af08
SHA256

54fcfce0fd309d9ea98918264dc2d4602844d0597a2b4e473080cc04dc5dff07
SHA512

ba1cdf17d616e47320abd28b7aa1039cff1dadb754661e3703f0e5cb9ce87f1e72be7dff08abed9d111be029529348a19b4e9660f4e5fd47e8fb4cc23f9a5b24
SSDEEP

1536:dNtEXPMc0UEmyNtpI1jKbR7Tfv1kq7A48UKrOQGk6nelPtKlneyo+KgQyaHiPsL8:CoCQeyx5tdkjKtnWM

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4244	msedge.exe
4244	msedge.exe
3304	msedge.exe
3304	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3304	msedge.exe
3304	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3304 wrote to memory of 2972	3304	msedge.exe	84
PID 3304 wrote to memory of 2972	3304	msedge.exe	84
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 3768	3304	msedge.exe	85
PID 3304 wrote to memory of 4244	3304	msedge.exe	86
PID 3304 wrote to memory of 4244	3304	msedge.exe	86
PID 3304 wrote to memory of 1492	3304	msedge.exe	87
PID 3304 wrote to memory of 1492	3304	msedge.exe	87
PID 3304 wrote to memory of 1492	3304	msedge.exe	87
PID 3304 wrote to memory of 1492	3304	msedge.exe	87
PID 3304 wrote to memory of 1492	3304	msedge.exe	87
PID 3304 wrote to memory of 1492	3304	msedge.exe	87
PID 3304 wrote to memory of 1492	3304	msedge.exe	87
PID 3304 wrote to memory of 1492	3304	msedge.exe	87
PID 3304 wrote to memory of 1492	3304	msedge.exe	87
PID 3304 wrote to memory of 1492	3304	msedge.exe	87
PID 3304 wrote to memory of 1492	3304	msedge.exe	87
PID 3304 wrote to memory of 1492	3304	msedge.exe	87
PID 3304 wrote to memory of 1492	3304	msedge.exe	87
PID 3304 wrote to memory of 1492	3304	msedge.exe	87
PID 3304 wrote to memory of 1492	3304	msedge.exe	87
PID 3304 wrote to memory of 1492	3304	msedge.exe	87
PID 3304 wrote to memory of 1492	3304	msedge.exe	87
PID 3304 wrote to memory of 1492	3304	msedge.exe	87
PID 3304 wrote to memory of 1492	3304	msedge.exe	87
PID 3304 wrote to memory of 1492	3304	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\be129abdba1e2c30446614ca4b624fa8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3f7f46f8,0x7ffa3f7f4708,0x7ffa3f7f4718
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,89921281767048475,17724065988527118832,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,89921281767048475,17724065988527118832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,89921281767048475,17724065988527118832,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,89921281767048475,17724065988527118832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,89921281767048475,17724065988527118832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,89921281767048475,17724065988527118832,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4888 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
19KB

MD5
77d05a5f9af64877c2fafa9e312d86c6

SHA1
3ed4740e6a4fa0ec8dabec4ad3f6fe6f35990c10

SHA256
50cf0aa0a814fdcfae4875249a846ebb9b0fc8f93feb674804d1b44037fd4054

SHA512
744a48dd788a64438fede4e39a87fe67abdba8e0f778132db5cce39e64472b19da7c213f4d3a619676868da0d05b8fd30301172820b5ac391a294d7327210ba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
23KB

MD5
97bc586e529056a93e9c740af1a75079

SHA1
74e168680a8c171872ac5700ebba440cd7466042

SHA256
6bc6d4f08e1c7e83e9f1eb420e5a646b8a40da7fa13b238773f481048eae2de8

SHA512
eaee0580e94d27b29af4f8db7a64b59b1abb0ba433c0a0331e5d326e2d2b27f97736387f59ce870368923d0fc74dbe6c817bf6e6860e797ea3fdb3099cc2fe21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
82KB

MD5
87c1c7fb724e83331ccf63665eaab425

SHA1
ffb8381d088fbe3f8ba7f01615c1afc8429535e2

SHA256
e96cbbc7e15ee4d51b4fb4c05c60aba69fc19833585c60aecbf25bf96da5d362

SHA512
38a070725d0b35697dd6488daabae4a4090a5938e8f1b1e6d0422f33573a80ac0f572df5b9d62baf8667834f9a83a2d37c0518d606db9c76ee5c3c0663ca01e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
98KB

MD5
5a106754ff5be9e91d3aeedaf69e40d6

SHA1
7155fd3febb265cd630688885deedaca996cb269

SHA256
597180e51d439b0e5cc1978f819ea63d7b447471454a7cf275a4dcf5281a6386

SHA512
2f93ce56239e4b6e22a6306cd95344214859b4b0d1e5c09724d4892acd7fe3d523e5e7afc8bd7d6e51be089d5e1c197fa9324229a519442edc8a3827d7e4d7e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
72KB

MD5
967cb89ceedbc6d333a5c75a40e19714

SHA1
f0f3367c1fabd3192852d22f2eefdab03e77dde2

SHA256
45ce3b04ca5a82e48c0b54e5e912cfa3020e1ade45ae7ba42b0a4bd2b73a48b8

SHA512
38bdc91ed41e3a79b21a970cf56a0ec279e5188209ceec56f72dc46ce021bc2b601c4b244ab7b705c9d8f0d3fdfa2f38213786df178f23dcc5c03bf88d894cc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
98KB

MD5
0da99087d6d503aa511b511b635700e2

SHA1
21e004bc618c6ac5f3a41efe7ee420e543e22fd8

SHA256
b0aa9420a548a50575141a57c9c33695e53c5589b71c92c5e98efbb94823a905

SHA512
fa1bacde6d355daaeca6a12a3930e04b256c335a2247e2475fc9d50eab62be3d4b26cba930eec312b5fb4ebe6a046c83f99d8f43a97320b02dd079ae26d82491

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
61KB

MD5
2f760f79de3e00e090691ef33f218975

SHA1
b23856cb7be3d1ef50e916120beb86b03e4798f8

SHA256
c87a4f6490d444876cb6bea23d75fa3442637bcafa9d2f7ea4718bc5c5332df5

SHA512
41fd9380552dd13be99371f3217031462605da6f0ae88a4a16a1cfa2c35336dc3fc4879edeae261012fbe3cf5390e7d8799ccb3e50ff00c089eae7126b34f873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
33KB

MD5
8088e032bb2415dfda775018b604f977

SHA1
06100ee462e0f8032a1ec41c892955954ff3115b

SHA256
13e27dd9061c86c47649a20b3202b07ff38ef17c324c207e00160d974d209502

SHA512
b2510001db29c4c2f3790b41f7d4885a30f24ccca088ea3613eee88ba6ba1eb716d1e59dfb8fd1f323e8d9cc51d3bb54ac80272bf866db47921a40cb5bb463be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
41KB

MD5
bf7e5037b04c435c6cdd9696cf82a99e

SHA1
824305b3b3d16b2f31539c724586c1056ec1bd59

SHA256
dc01d13bf6d8f4cb2afb53f016f38da5aa9ef770ec93f9f2f74321de38acfe3f

SHA512
198662abdeae1a1592c44aa27ad612fb65fc0b1a40732a6cb5f510b8ad47e79bba251466aa73008ae90163dcafb31cbe1569c0875e6f1e628d37f91f50f3ecbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
27KB

MD5
ad74e056903837aadc8a9d12c8aa750b

SHA1
f944ea6abecbca540a7ac8c614f3fca3c3b74421

SHA256
ebec7df12ab8336fc251166e9fe38cd3daf28a60a155656105d161c5a3fbc86f

SHA512
6e9cb9ed81653acce24af773e38bd1fc76ecd174ca8525fc0f0a17b34493a29875dde457cd05837d440fa144b71fa4bf2ccf56b4e8afa924b6b65157c4a391be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
90KB

MD5
c1caf59038e2ef48434d64ccc2e0d365

SHA1
6100cda8f217341fa2ddf511a649fe62e338eb4f

SHA256
bab561605019f76b7dd2350974cd2c78059e9812e48cd44e3f836162187964c8

SHA512
47602a7cda99f5d2e60b1769c1fdc4b1c1d37f89a8629ffa98af9cb443067379a515aaf6c5ca7ce8e1dbd0db39b2e1961c46e130b0c804fb5685a75903a26464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
130KB

MD5
a715a8c8696773c98dd9b711065a5924

SHA1
c951b9978576c1a4815868ea1640be9189691d54

SHA256
fdd7a480dd32fa9d4674165711b95ae90ce897e9f199e24690347dd498375909

SHA512
c2303fa61c1f6e5612f109ac5dd3ae3f3e78188ea57d0e43c3bc0f03edb3a96846164e224c7970ba4f5daf8aa5ee5abb5a2f7eb3cf479e6347483e53dfb77258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
125KB

MD5
559a70611fb9dbc2dc806d4686ed99db

SHA1
0f54c5afa43d849995a6bc33f2cc96804227ad53

SHA256
355ed22d360c7a34f932fbfde201208d57d398dd670eef170dd625da9703857f

SHA512
bc18d1943f85f45875e9c959dab929cf1be0c5e9038c24e5159a286815c3cdc8c470b5b5e67e5eb3535b78fe7183000a84cb7f5f9f9c29374d6387aba9a08898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
953B

MD5
ef7cc64fd1cf9200c7e97e73a2777d64

SHA1
f0a08d2a7ca6c082223d6da4d71642f9f292725b

SHA256
dd3128c3de54e8746562eefcc1642934616bf81d069732f9d4ca14d4579325ad

SHA512
a5b9780a2a99a133453e34ef68eb25eda22177c0244d98828de1ab6ec8fb133c7f5e98f529f4c1dc00632caf10fb24e14b6717640b2e585086790139909a725b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f7b58aa00e3ff5ac79d0e712ae017c00

SHA1
3f90ac76a9f822acf5affd12dcc6ddfd3b6ad57d

SHA256
6a7d543cbeb3277f0b300c4dc91b8c8b0f77e353c7a7f0444e5894ed599ab899

SHA512
46cfa47cc4e1c67d381d05c0192f173a49d8d10f739be70a5c3af82bf058289ee478b4072a358adc8a38b36f10cf8e0eed37ddc193ed77ec9ce0f8a1d67da706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4785c4ef71d34311f4e7b93ae213db5a

SHA1
bc1302b79c8158cdf53941726d09eab1524550f2

SHA256
b4261260307946faf1091ae0c8b746bc381c0ce1fde08cbf72c77616b4593621

SHA512
111a81373eaea756f8d896cfb0954de7dd045db563760ff0fa098e7e977f4d60ddbdc24c0d8b31faac39cc86d502702a6503812ca1d7c38ef4bde40457f8812e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
7863a9804f3af583073c6deb244a79f1

SHA1
8a157df9e3ef53718969656cdb1d037add42f4d7

SHA256
d92d6f63c23ba1398d3ee555e9dd5febe6efe5aa52d8ca27a93f36c24348b4dd

SHA512
ce4d0ee3b82095fa0766b758b003d53642e4589bebcf001de3b18872a7715adf4851fab8b6d546c6d3c9e17a76184df486a5bb28593441730e596f10347f6701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5852fd.TMP

Filesize
204B

MD5
cb1dcf43a49d26a184a9de4f98ec2050

SHA1
4af90735bd3ff8b12a12693b5ba9348a88e7fc73

SHA256
2cbfc629596e229ebc626fccf50a97c7e0e3f5d92fddb7e0403f143ec83eaf82

SHA512
71bdbcffbf635166b692065c44c3e218777605c075cdf7bf64bee2bf0904545ad991200851f8d0b593c5c2cbdf47dc6f8f5bec689816eff96d308c4325683f9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b2f0576b6a30f3fcfd1de7705ec18652

SHA1
89cc7365c6fd2ea550c5a7febfdac7b4ae70d639

SHA256
ecd6c3c646611da9d0983322e93303eb72f1764a97ccf1467872a88b3f07e106

SHA512
171246f908e80ae263bff467da83684a6d02541e07d3cec626689687339f7fda5162ce939c59591ba6cf79504f56dd2419d6df58c9d280c65f7c42e5bb0aded6

Download Submit