1d78a1e79168a65d2f9c3b73fa8e1e3a182e37e86a6977239683d92c7a8784cf

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 21:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

faf752c5ad7e8fa61bd9e1179c1c84a9_JaffaCakes118.html
Size

197KB
MD5

faf752c5ad7e8fa61bd9e1179c1c84a9
SHA1

725195cd4fb7e80daaf702802265ab1ab2bdad9e
SHA256

1d78a1e79168a65d2f9c3b73fa8e1e3a182e37e86a6977239683d92c7a8784cf
SHA512

fc339e3cbef3d01e069b1b723dafe998fb8a480757b514dc032299c0b05450d5c99b557cbbde78f44890a56852f65cc04ccb9f4bd057e2505d0450189dce9324
SSDEEP

3072:LJe+phqlwlQD6eC/+xu0RxUcjvY8rMUkedVks4fjM4KANJf5Lm8w6hXW7D:Q+phqlwlQD6eC/+xu0Rbl7

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
636	msedge.exe
636	msedge.exe
4516	msedge.exe
4516	msedge.exe
1700	identity_helper.exe
1700	identity_helper.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4516 wrote to memory of 1908	4516	msedge.exe	83
PID 4516 wrote to memory of 1908	4516	msedge.exe	83
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 536	4516	msedge.exe	84
PID 4516 wrote to memory of 636	4516	msedge.exe	85
PID 4516 wrote to memory of 636	4516	msedge.exe	85
PID 4516 wrote to memory of 1064	4516	msedge.exe	86
PID 4516 wrote to memory of 1064	4516	msedge.exe	86
PID 4516 wrote to memory of 1064	4516	msedge.exe	86
PID 4516 wrote to memory of 1064	4516	msedge.exe	86
PID 4516 wrote to memory of 1064	4516	msedge.exe	86
PID 4516 wrote to memory of 1064	4516	msedge.exe	86
PID 4516 wrote to memory of 1064	4516	msedge.exe	86
PID 4516 wrote to memory of 1064	4516	msedge.exe	86
PID 4516 wrote to memory of 1064	4516	msedge.exe	86
PID 4516 wrote to memory of 1064	4516	msedge.exe	86
PID 4516 wrote to memory of 1064	4516	msedge.exe	86
PID 4516 wrote to memory of 1064	4516	msedge.exe	86
PID 4516 wrote to memory of 1064	4516	msedge.exe	86
PID 4516 wrote to memory of 1064	4516	msedge.exe	86
PID 4516 wrote to memory of 1064	4516	msedge.exe	86
PID 4516 wrote to memory of 1064	4516	msedge.exe	86
PID 4516 wrote to memory of 1064	4516	msedge.exe	86
PID 4516 wrote to memory of 1064	4516	msedge.exe	86
PID 4516 wrote to memory of 1064	4516	msedge.exe	86
PID 4516 wrote to memory of 1064	4516	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\faf752c5ad7e8fa61bd9e1179c1c84a9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9657b46f8,0x7ff9657b4708,0x7ff9657b4718
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,7617623056392156395,13259473593598473811,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,7617623056392156395,13259473593598473811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,7617623056392156395,13259473593598473811,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7617623056392156395,13259473593598473811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7617623056392156395,13259473593598473811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7617623056392156395,13259473593598473811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7617623056392156395,13259473593598473811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,7617623056392156395,13259473593598473811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,7617623056392156395,13259473593598473811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7617623056392156395,13259473593598473811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7617623056392156395,13259473593598473811,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7617623056392156395,13259473593598473811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7617623056392156395,13259473593598473811,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,7617623056392156395,13259473593598473811,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5284 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
23KB

MD5
c897f8479da25ec570027594f1b4db24

SHA1
81a3ff06cf35a87e697fc4733966dffc270ad06b

SHA256
7fd05e325904c9c31e435d5c65b9b4ffa11a9116d1df0282d6cd7c87ef6f1dbc

SHA512
b1c1c46810c3bc5c407f7d30a9d74db8242860965d958ffc5bfeed35b1204774843775ae81b8c414ea89322d00d7ab97313965e20cebba588edf13b9b8dcbc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
45KB

MD5
ede70f717200a59b4cb831635de913a1

SHA1
d4d6e893ac192b5df087e924ab3356852f8a7bc0

SHA256
c63fbcc69de230e4844cf735ccf668eeaf30e42126eeb464da39c2de6b0b0051

SHA512
b621bde28b90ba97c122677989d994cb5e88fd0906366af1a23ad3f9d9f3b7f2bbef95873f29100433d4068fbbf7ab798505e68deefc118097fc5f76dfc4b672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
79fd9514266a854ce762eb432aaa66ca

SHA1
613b10cfc3443317529c5620b0dcef7a85391e36

SHA256
e64539ee9a8cde2979d8b77803d3fd00cf4a19ff7e8452588281950d0d76d152

SHA512
eaf06b8b5ee11396c90340408aad7e616a2026145c651b6681f4b77695d0219ebfb38d0cffcad442b39f10aa5485fa6e80ea9cccc507f136a6c8c966c3d431c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
bc33ef0546db1031d3e152379b1d9ace

SHA1
cd6d2c149e24f09074af6f9ef075285c7e97d8bf

SHA256
380fce69b4e7c2bbeaa60e4e4f3570c8a79ab1f7ec29fb79ae7c775bb729a74b

SHA512
6c00c4ca8a5b2b0c91686ea40ece7fab2e9c26debd7950fb09b5e5ab58593c415c35c1b8ec1f45201c23aef4eebb44787b8ea4580498d8c9565deb54cbe79895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
214394755aaac4cfd36acb3b84735249

SHA1
43240e9a8b13fbfdf0e1256bd2f52c038a9fcc9a

SHA256
c6c500a805a901180bf12c148bb0ed343fe77d8f9798b5bd6358f99e2922a79c

SHA512
ad517f3c7a8fd13a17e565381fe3071986077cf75980c101f8d650dbfc4aa8702d8efc2d8453cefaee4be84119ec2676a6b84a93ccbb3556b321eba202972882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ee6baf1c4c4c1e041ec74fe4d9921f00

SHA1
3299c3dcebb53727ff05d9e7d8d56a33770cdd79

SHA256
438a86e37b36c1da8043edeff67b53eec47ab976e21ac7ae8d4c870632dffba2

SHA512
c4aba40b48edb7543f6328ab3e0ffe74cf708dff68d11fa2c8e1aaf50203a76898ff4a0e6909887b8c2b6558b2e10cf19ee83c4f60b60602c3f0d0256722f77e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
68cf91ac40f2cf00e2a4dd671ac81e02

SHA1
b915ec2e0b38bca6a19b3d521c14d33ae04f0e42

SHA256
e905174415720358bfe85d4680cb3217535f19355d8578015a05026c701ae5fb

SHA512
559799c82767aa53b7aceb10efeda125bb6c1c52e232ea7d4e5a94b34c988a0f14bdfa2c3a4d781bf7886f5268888346513276f7d3dc208e8f226e44bf05bf0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
51e9fed63314b10bd02c4d0227f7a4c2

SHA1
d9a66a9f57178836d03cb2dcde8717d5d5002881

SHA256
3336608dd56a5df7535e2ab128acf132a25544018a5fc8d90661703a1748dbd4

SHA512
b0331962d22ab121e24d08fef8fbbced1f8e3635ba09a0310f9dedab8095540e64602113c5dd6e62ad4df706a3e0ef40793d2247aaa1eab80903b71f63c7bf9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6008a9ecf05cadcb11e7794b9f8f4e1b

SHA1
f344e1ce4b2b3e864a31c5d413e0ddb63feec0fd

SHA256
ed949abebff5066e45a94f2fa647c360dcf9cc813bf9cf3a3a6f8ce659fa6ba4

SHA512
7ee86fa3152f091d745a50e836b86005737e178703afa5ebe07c31cab3adb73e93015cb6043e8ccde70943f48d9da270fe580d27a47c02f8f5f5d7067c975fdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
366B

MD5
4781aee80cd9fd608ce191b61d22b4be

SHA1
9f470e110e84342fc2d3dbb561a9862fa507ffaa

SHA256
66fb2ecffa0d88273994f39c60279affb3ff10337c72a4f18f622acc6df0190f

SHA512
0b1c72a386980b5e74d71f5a61b8d32a4da57b54df2b51fc6d05c5024c335699bdc7aa4d23fb608de536354966afa42a0d3d49ea646bfc8c07bba8807e577ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d1c7.TMP

Filesize
366B

MD5
56e3a0afe01bcf212c0cdd996ca87189

SHA1
8ab90e5f4cee9bf86a8f17dd809ce2ce537a5e02

SHA256
9d7f6ff706f735a8f3204c0edd53280c2a7a1dbf8afeca125b36639401dc9002

SHA512
a73ed5e9ce9d5a8c647b58f48a95cc7e24c689d37c21bb7242394a1a1039dc4548c0530091d0f917bceb707661d8628507518eeed410781233322aae56896cb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b9e4e374585585b2402c8732ffccc020

SHA1
9ce885d0781bbf68af051983584af8c5c8b128d5

SHA256
9111b7caf0ec066a30f6ba268f01c3320e75fc867a862c9cc778fa42100e9b07

SHA512
cb454aa91e29307bb39d627ffa9222bca78d04f01217d0ab6ec3a146936e042a44ebfb7718e8f57274faddc3fb1588c2292600849715ebdc6781f17d7a73a377

Download Submit