5d49a1f212bf96475e2275cfdfb97aefc93a394dbf0ba18777707b153502ef37

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25/07/2024, 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70b3327ff5244541edee37489d91a91d_JaffaCakes118.html
Size

68KB
MD5

70b3327ff5244541edee37489d91a91d
SHA1

af5057141acdbc94f0a8bb1e2253f2ece000b106
SHA256

5d49a1f212bf96475e2275cfdfb97aefc93a394dbf0ba18777707b153502ef37
SHA512

190439ebacb87631ed9adde7317875fc9bf8134ada5730b197b7a3a7ef9926e9d5539fa13e28a191a8e816453320ee06793bbe21a7ecdab7714292890a154985
SSDEEP

1536:sm9dCy+9KpFHt4zDLPkWx5BS7lRgEumk1nqIY9x1W7n3y1W3xCcxbtBi5heF5/Uw:RCy+GvlRgEj1P1/4

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
4920	msedge.exe
4920	msedge.exe
2172	identity_helper.exe
2172	identity_helper.exe
5360	msedge.exe
5360	msedge.exe
5360	msedge.exe
5360	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4920 wrote to memory of 3080	4920	msedge.exe	84
PID 4920 wrote to memory of 3080	4920	msedge.exe	84
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 2908	4920	msedge.exe	85
PID 4920 wrote to memory of 1568	4920	msedge.exe	86
PID 4920 wrote to memory of 1568	4920	msedge.exe	86
PID 4920 wrote to memory of 976	4920	msedge.exe	87
PID 4920 wrote to memory of 976	4920	msedge.exe	87
PID 4920 wrote to memory of 976	4920	msedge.exe	87
PID 4920 wrote to memory of 976	4920	msedge.exe	87
PID 4920 wrote to memory of 976	4920	msedge.exe	87
PID 4920 wrote to memory of 976	4920	msedge.exe	87
PID 4920 wrote to memory of 976	4920	msedge.exe	87
PID 4920 wrote to memory of 976	4920	msedge.exe	87
PID 4920 wrote to memory of 976	4920	msedge.exe	87
PID 4920 wrote to memory of 976	4920	msedge.exe	87
PID 4920 wrote to memory of 976	4920	msedge.exe	87
PID 4920 wrote to memory of 976	4920	msedge.exe	87
PID 4920 wrote to memory of 976	4920	msedge.exe	87
PID 4920 wrote to memory of 976	4920	msedge.exe	87
PID 4920 wrote to memory of 976	4920	msedge.exe	87
PID 4920 wrote to memory of 976	4920	msedge.exe	87
PID 4920 wrote to memory of 976	4920	msedge.exe	87
PID 4920 wrote to memory of 976	4920	msedge.exe	87
PID 4920 wrote to memory of 976	4920	msedge.exe	87
PID 4920 wrote to memory of 976	4920	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\70b3327ff5244541edee37489d91a91d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfb8046f8,0x7ffdfb804708,0x7ffdfb804718
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10031772895011278430,10631965659420883177,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,10031772895011278430,10631965659420883177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,10031772895011278430,10631965659420883177,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10031772895011278430,10631965659420883177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10031772895011278430,10631965659420883177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10031772895011278430,10631965659420883177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10031772895011278430,10631965659420883177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10031772895011278430,10631965659420883177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10031772895011278430,10631965659420883177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6668 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10031772895011278430,10631965659420883177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6668 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10031772895011278430,10631965659420883177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10031772895011278430,10631965659420883177,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10031772895011278430,10631965659420883177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10031772895011278430,10631965659420883177,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10031772895011278430,10631965659420883177,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5092 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bafce9e4c53a0cb85310891b6b21791b

SHA1
5d70027cc137a7cbb38f5801b15fd97b05e89ee2

SHA256
71fb546b5d2210a56e90b448ee10120cd92c518c8f79fb960f01b918f89f2b00

SHA512
c0e4d3eccc0135ac92051539a18f64b8b8628cfe74e5b019d4f8e1dcbb51a9b49c486a1523885fe6be53da7118c013852e753c26a5490538c1e721fd0188836c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a499254d6b5d91f97eb7a86e5f8ca573

SHA1
03dbfebfec8c94a9c06f9b0cd81ebe0a2b8be3d1

SHA256
fb87b758c2b98989df851380293ff6786cb9a5cf2b3a384cec70d9f3eb064499

SHA512
d7adcc76d0470bcd68d7644de3c8d2b6d61df8485979a4752ceea3df4d85bd1c290f72b3d8d5c8d639d5a10afa48d80e457f76b44dd8107ac97eb80fd98c7b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
23KB

MD5
fb1a4e8823f0d297688e8017ae5e3412

SHA1
4a861e1c3766f2792458201f7c9669ead8a9719e

SHA256
cdaad26282ea779773f9e585863d1d72e95b88f614b3da1cca834494dc34149e

SHA512
21738183bcd615c670784da1d0c1083ca28691aee710819cecc177c89ae3c0e23b378e36bbaa9f4f83d947335d17e640d7049e4e84ce72d637062a69e5fa5101

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
2ac24993797f7248b641afa811bb35a1

SHA1
c60b3f6c117bd5d73a9dfb9ac7959c89a67720d9

SHA256
a0005b19a6dc6d20455e79c1d188b83a1214a08af83ea5448036bae94202ff53

SHA512
507f18cedfad87cedb7f7563b29f34b3b4363c80d66a86a85f33b28903719c14721971d2d5c14d19cfa7726fbcdad937b2a846d234f8203e2316315528024dab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
32041c1345aa33185eaa0f709e8afa94

SHA1
51730d716c844ef2ae34d507a1b6fe40dbca5cf0

SHA256
749a49939932cfa86bc8783d239949d2af60a2b9d537624fc3d11bfff5aae65d

SHA512
a29dd6505b0d885605c049f32b203bad3b88bed1ee98d1c142e35a5bc71df4da7dbbc1275bdd848ee15a36c512a9c8122afd5bf4a654f7ea84f398a24fbcee32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
efdc0de6121c151398a431b7072b2fa2

SHA1
12f0e660c58b473c55c99b07f1e5349663191a92

SHA256
032f1f036aa3aa6187ed046df65d86bd811afa73e596d1b4dd188dd48cd85512

SHA512
84398317cc1f38f3caf0653d978a06d97a08e393a5db1d6c90adb7b8e27f2f4eea43195c1ab82646fde391f9b964cfe58282e6767cdf9a75aba78b1e2dd97116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
019455c00d6be980b8a2a9b7e59fc8db

SHA1
53af95fc457ddf4130c380c52af88dd769d1da86

SHA256
9eb3b62033687f0cfad551672aabf8d9d16d6dee1b0736ec9f92366e1cb3c14c

SHA512
3c44b9a2ac34fb22a6e592c5e865bb0e3a46a005d20b9c0e90c38656fb5ce7d77871d2079a9d5faef7ea1ef2685b6bd28b71c3dc34967c43bda6d3fd6b151b42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ae5bf6f107fa3b75af1b948a439f96ee

SHA1
fb1382936c8ad74e43c9a3c7c63f5eb47fd1fecc

SHA256
2d59698685b0540716c0c19e106779c4e8e7f94f06cc7f800f35c3c3888dad14

SHA512
a24e0152567c5a8b7d7f6010ebda6f4c52b717992cf29b6cd7bcfb1f35b6ae728a4581edb2320b716978802e2f5280c6e3768ca6dfd8c59587f1af7d46af7d67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
17515a9cc2c45fc1677554339686c7c9

SHA1
be6b48e5ee1679e92b58cd3d2029bb4f6f4d89e1

SHA256
883f7b1e15934039a0921abc045ebcb8f2c4c77d26cdca341607c57e9809fbcc

SHA512
e32ee2f9da8472bee5ccb5ae53c24974142b9a7e5f74e5d895fc0ddfa83215b26ff5d3b7ca8cec25555965922af81b24f9068549c53024a5656a8234ba597418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ef3777d850b1c7724126d0cf2437e95

SHA1
96fe025347b63ab81f7849a0d576681d0775bc0b

SHA256
3174f52060263b15935b7a981776a1406b17ea4556ab3d3cb2bac70a31e4410d

SHA512
38db7f50c728efc9506198bf11498d37546f97dcb4ae085a574486c2e1837646198b6de08659c11b2f5ae46e10e16b576f433deffcbc74baee88127c62df5a9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
ae146935274c19708aea43b0ad5f3f80

SHA1
7abaeabc630712a5e8daecad85ce1475d18abd70

SHA256
f96e6b892383eda6b330f1c6198181a155595a1cbdc9c6955ad1d04c79590f17

SHA512
0dd7a19486c578911f577988a66529f86ea48aa15ab3d0771412a8a80a85ef1370604b003d9ce1b6806b966fc23ae3a8d4b7f247e3aae207df144d3a1edbdae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fb77.TMP

Filesize
371B

MD5
a5e421b4e647264a871c62ff8a89d350

SHA1
76cc9195eb7083f780e41cb5487398a4025dd24f

SHA256
c5764f0c4a56bfe33b9572d2343fa95c142ef618dc8ada4bddaf4765de3bb9e4

SHA512
fb7aed268967e792bdee865cf4d8bd1f1927fde489fec9177209d9512df513083a3b0a06a546163c781e8b0b834b873d179aa6746c2d86386e18e576120b5486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f7df1a9f5518e03af2dac2962ae16913

SHA1
72aed2487ead266961cd03add6221b3d2912e16f

SHA256
e529e6252b1b84bdf526f4f280371ac4b6ab9609568c8ddbcb7308c574c735e6

SHA512
7f83af9db83c99562d844ed6d2a7ea1deb832d020a478b0a150eb3e3dcdeeaa08d57be313ade89a0a330ce9df80288e941ad3d6b08a412f08bfb696322aa1087

Download Submit