b3a36c93b971cea6433afffd3efe62ff129d61387d44637ea027cc951051af46

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/10/2024, 10:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17c9e0fe28b2b1e8e4c8b35a5d98b6a0_JaffaCakes118.html
Size

19KB
MD5

17c9e0fe28b2b1e8e4c8b35a5d98b6a0
SHA1

01e1d856b76aeba6ee4ee6347221b908399b0bcc
SHA256

b3a36c93b971cea6433afffd3efe62ff129d61387d44637ea027cc951051af46
SHA512

c7515e1fd3a6daed395f7756699dcead6604f5f58e63d1b8003dba26cbbb91232387b2e7d2862297b195c74bc497a8c26351d97bc738bfc387eadf9b317e25f7
SSDEEP

384:4nLt+hFHepfGQ/YJAqPn7c9DUNpkDynV06ngVXZs9sPbEmlsuN:4IhF+pf4JAqPn7c9wKyV06CXS9sPbfl5

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3648	msedge.exe
3648	msedge.exe
2280	msedge.exe
2280	msedge.exe
2904	identity_helper.exe
2904	identity_helper.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 2180	2280	msedge.exe	82
PID 2280 wrote to memory of 2180	2280	msedge.exe	82
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 536	2280	msedge.exe	83
PID 2280 wrote to memory of 3648	2280	msedge.exe	84
PID 2280 wrote to memory of 3648	2280	msedge.exe	84
PID 2280 wrote to memory of 3236	2280	msedge.exe	85
PID 2280 wrote to memory of 3236	2280	msedge.exe	85
PID 2280 wrote to memory of 3236	2280	msedge.exe	85
PID 2280 wrote to memory of 3236	2280	msedge.exe	85
PID 2280 wrote to memory of 3236	2280	msedge.exe	85
PID 2280 wrote to memory of 3236	2280	msedge.exe	85
PID 2280 wrote to memory of 3236	2280	msedge.exe	85
PID 2280 wrote to memory of 3236	2280	msedge.exe	85
PID 2280 wrote to memory of 3236	2280	msedge.exe	85
PID 2280 wrote to memory of 3236	2280	msedge.exe	85
PID 2280 wrote to memory of 3236	2280	msedge.exe	85
PID 2280 wrote to memory of 3236	2280	msedge.exe	85
PID 2280 wrote to memory of 3236	2280	msedge.exe	85
PID 2280 wrote to memory of 3236	2280	msedge.exe	85
PID 2280 wrote to memory of 3236	2280	msedge.exe	85
PID 2280 wrote to memory of 3236	2280	msedge.exe	85
PID 2280 wrote to memory of 3236	2280	msedge.exe	85
PID 2280 wrote to memory of 3236	2280	msedge.exe	85
PID 2280 wrote to memory of 3236	2280	msedge.exe	85
PID 2280 wrote to memory of 3236	2280	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\17c9e0fe28b2b1e8e4c8b35a5d98b6a0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e0d346f8,0x7ff8e0d34708,0x7ff8e0d34718
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,6497104739152980286,10185736667074352274,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,6497104739152980286,10185736667074352274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,6497104739152980286,10185736667074352274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,6497104739152980286,10185736667074352274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,6497104739152980286,10185736667074352274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,6497104739152980286,10185736667074352274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,6497104739152980286,10185736667074352274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,6497104739152980286,10185736667074352274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,6497104739152980286,10185736667074352274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,6497104739152980286,10185736667074352274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,6497104739152980286,10185736667074352274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6652 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,6497104739152980286,10185736667074352274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,6497104739152980286,10185736667074352274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,6497104739152980286,10185736667074352274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,6497104739152980286,10185736667074352274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,6497104739152980286,10185736667074352274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,6497104739152980286,10185736667074352274,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4888 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
0c29c02f02c02b30974b2bc769d5a152

SHA1
92b1d03e0bcf6a582d8d0aaa9d78cf2bc36f94e2

SHA256
4d5f6e53b60919f345ffe4c20f8eeb0b49ec296e0283b638b5dfdc34ec892839

SHA512
b6361d58cc279a7e47049de2ed33fe641d856f59f00e5a0b70f1c9c393df3cd36498392a8b6d7df628624a9feca8ccc2f4ff6115ce02bb293eabb19106735e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
cd09c62c7073bed261920010175780a0

SHA1
f1a5102abb3c15fce95ad5a75e6a06ea0273a423

SHA256
5cc1e5315b99051fd286dae154b6ffd57c9cab93e8eba58c3432d36f1b03d1e0

SHA512
75de41434d034df3c85577b09b84d373b2de508826f6392b20dfc35830a01cc341b58ec9bef904066e57f9bee77b42874794794df5fdb5840dbbba7a94c79869

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
90638826ec05bf7edb5db5e8b49876cb

SHA1
f15e4d661897a02a2276caf585d57731ae0bb3b0

SHA256
c629c787ef3c126a51d93776d20b9c6e59160734112813453bfc3c6d479cf83f

SHA512
367751d8c95795d9bdaeb4348dc80fd66a1c2a5ca3f7a394968c7dc0cd3f6b8dfde8fa2b957731ed1720a6b73d0fb6878fd1be13683cb8449af289838b490fd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cf39abb098bce31384c7afd9af8d62d2

SHA1
57fcfa24a08af969b99c806f1698504575759c05

SHA256
4db16dce83803cda47f6d8de869646dcab071e3f7b19fb71bc98f8b18a494400

SHA512
6b267098f3e79bd707040b340b9831faf38ec4bbf33f70c606accdf7bc111c7057fd2fb3db379f03e3ac1ff81ff716f410d3abbde3085c1742f331db641b0060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
42ddd602dc38e4522d82ad328869af1d

SHA1
9348d00edf1ba90894e7a99a36c8ce71f577e304

SHA256
d81af502cd0ac283d1b92e63d02ca820a747a45d4ee75bd8641a3a230a702406

SHA512
c6bdfc119fb9761b40649967cc0c96f7c441f6e22ad59382f1bff31ab9c60d67bc92a5f4bf9d7c01e6e4e7f816af856f3c0b1f5049890521c918f4ee1231d0c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
05e4bfaa4d11205391e49501a05859f8

SHA1
db498dab4656e3204d2bc51eb9621cc9871b4b03

SHA256
481fda0b2039d71210c47846f4c37a8c95a6ce800952179b75199925eba604a5

SHA512
0c430a42c2900a8b1355a06b180ac54f896dd2e739de8b3371457c49ad30390244081be3aa34125109b932739db16319434391a37046d229690a2f8e172ee3b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
de853f2a3f4f80a5a2cb7e586c13b175

SHA1
f183fe3983996519f515914db87d2fad737b328f

SHA256
71fdecd58799373766d406eeef51ce449b69bf3514e5a257ff01480d66b18f56

SHA512
ac9e4db230bbe886a72b7ded7247615ffc38ad018e87c0e2e75e3fea12d2a4a9c5731d52917e1b484fafac83b54f4d68e4f3e0120f364d9eb8e68d56d775041d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3c5192d525f7c20473ff05bf97854a32

SHA1
c5b94b863de3e476c01290221959e465a2096950

SHA256
0add82e789a6f1b21297916f47cb9d9af0864029df74eb60f63aa9f5b6853a14

SHA512
afabe5374a31328d4316209e3fff1c82a523ffbc7b12de34d355255caa9ea9180b77a5a8f67ada44ac1a2c0ac078716e859333f5a04f4407116819f5ab3745e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c42be62e3acf573f6c15ef7f3583ab88

SHA1
3e3edc5c0433decef4eff4eff0b6efa0fdf2cdca

SHA256
f9c926ec6b0d1f6cb8440be2ea6ec2acc2bc34ff7f16f9e72af69c71f59db2f8

SHA512
5c0e8419b1e71f63c8c44021f118209c1fc31e670311f182a4ad6268e2edc552bdbbc91d6e48f03e6fd6b56e09011c65fccb29b0cd1441fcedc77a8cc736c131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
167277d8ea9e36dd1b3442722f11f4c3

SHA1
6cf5bf9438b305e1fd4a9259a37b8ac0d1928ce1

SHA256
d7f45dc231cdab7bdaf5b44ac03a573f0961547dcc1c6a231de1bbb1a2436ff3

SHA512
2ecbbe6527e61a0f28ca550f28fab9a7998a55814f5a4a56082429d0e652f0c92b4c3a9df7679109c0ec363775623ef52b55ce402a4aff7b6651edc19c9a0368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ef42.TMP

Filesize
1KB

MD5
6733f5fa1395767a857383a41a9aee42

SHA1
2d5a401b88c04a54e0fc445b78da0b7111c88e80

SHA256
0efc4de6077cca6a01df3ebaf43cfaf2dcd4be120032370dd9ab9cb872135c95

SHA512
20ae20541a7ba5bd2a901f3aec21b02e892ae3cd29a2ef187db776b402d02588a7f2831b72de8f4c82d03e3d386513586cefc48691aa854f0a6a1ba8637c1b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6e6b6608392a105283be6b175f3cb2a3

SHA1
abba8d5503fb1c448a0cf1b769b276612d4f385e

SHA256
b48a0b49feadfd3c8ca0d732da7d256b824bc3f67f4553ec136fba85ac1523a3

SHA512
7e961b50cb1716bcd02030f560cd3dbacae59594b374518f4fe32df87b0896d118e158ae646a2911afacd934b4fccd2fa45633f7c46b6caf3e78a8ff0eb85dbc

Download Submit