8c3174040f45af0a1f7f33624d92f6ca354a709334619c1150a0cb7e10338fc7

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 03:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49342e19d394fb66230bd6c8b2f11f7f_JaffaCakes118.html
Size

70KB
MD5

49342e19d394fb66230bd6c8b2f11f7f
SHA1

7ea1f4f66de58c965c38253e3a7295121e7d5e8e
SHA256

8c3174040f45af0a1f7f33624d92f6ca354a709334619c1150a0cb7e10338fc7
SHA512

942b057fce594320913dc1bf2c371f8c9deceed18079099165998c6345e89c49e8498b1cbed21ebe8fe8f0a7753bce78350366c832be7ab82c0340eb4b0e5fb3
SSDEEP

1536:WbvsBjk199zpI5hyKLhyKGJ33VmltCb0hyKyhyK8hyKlhyK0hyKTZhyKghyKmhya:WbGA1Y9GTdbykaTyT/2wxXKl/S

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3480	msedge.exe
3480	msedge.exe
324	msedge.exe
324	msedge.exe
1940	identity_helper.exe
1940	identity_helper.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 324 wrote to memory of 4664	324	msedge.exe	83
PID 324 wrote to memory of 4664	324	msedge.exe	83
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 808	324	msedge.exe	84
PID 324 wrote to memory of 3480	324	msedge.exe	85
PID 324 wrote to memory of 3480	324	msedge.exe	85
PID 324 wrote to memory of 4792	324	msedge.exe	86
PID 324 wrote to memory of 4792	324	msedge.exe	86
PID 324 wrote to memory of 4792	324	msedge.exe	86
PID 324 wrote to memory of 4792	324	msedge.exe	86
PID 324 wrote to memory of 4792	324	msedge.exe	86
PID 324 wrote to memory of 4792	324	msedge.exe	86
PID 324 wrote to memory of 4792	324	msedge.exe	86
PID 324 wrote to memory of 4792	324	msedge.exe	86
PID 324 wrote to memory of 4792	324	msedge.exe	86
PID 324 wrote to memory of 4792	324	msedge.exe	86
PID 324 wrote to memory of 4792	324	msedge.exe	86
PID 324 wrote to memory of 4792	324	msedge.exe	86
PID 324 wrote to memory of 4792	324	msedge.exe	86
PID 324 wrote to memory of 4792	324	msedge.exe	86
PID 324 wrote to memory of 4792	324	msedge.exe	86
PID 324 wrote to memory of 4792	324	msedge.exe	86
PID 324 wrote to memory of 4792	324	msedge.exe	86
PID 324 wrote to memory of 4792	324	msedge.exe	86
PID 324 wrote to memory of 4792	324	msedge.exe	86
PID 324 wrote to memory of 4792	324	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\49342e19d394fb66230bd6c8b2f11f7f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed44d46f8,0x7ffed44d4708,0x7ffed44d4718
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,4124298471644686576,11046444753926451086,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,4124298471644686576,11046444753926451086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,4124298471644686576,11046444753926451086,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4124298471644686576,11046444753926451086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4124298471644686576,11046444753926451086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4124298471644686576,11046444753926451086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4124298471644686576,11046444753926451086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4124298471644686576,11046444753926451086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4124298471644686576,11046444753926451086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,4124298471644686576,11046444753926451086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,4124298471644686576,11046444753926451086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4124298471644686576,11046444753926451086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4124298471644686576,11046444753926451086,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4124298471644686576,11046444753926451086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4124298471644686576,11046444753926451086,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,4124298471644686576,11046444753926451086,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
ba343efaa8caceee04fad1eb56133c45

SHA1
4bebd968d5082a1886cb79e4d31d85393e627c8a

SHA256
773dbe5d0e7b43febcb58646ca9b17ad7900eeaed1ba29ffbd0db0ea3356aa06

SHA512
79aa41dd395c82adbe77677a0d67ec566f1bed20781799c965f5ff66b345e0130e05f2298fc44e7bbf85e2ce494145b926328f4bf65372985e97f374adcb02fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
87990ee668eaca3767335721ad035a08

SHA1
feae54199de0f84908d8e4e5ad98e55389ad4a21

SHA256
fcada678684e2a56dc2a3fda94070303ee8e07a19c4b97867c6d81e2e142d7d1

SHA512
d8d6d7a549100e6cf685dbcaceb5c58f6da7c53bdc65512280157c4e55af3d19c8a2864c2b12d3c31e142b698632dee62a0749f37bebcc1bc0e8db584ff094fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e501ed85375c138d6b13576f47290842

SHA1
6dcc4417110cb9001afb19ecdfab487f7e544736

SHA256
44e1a4e0a322a0662e667a11c9335bffa4c3391e89f72cb8fc920135c41d506d

SHA512
6020e9638b5a5d5091824a7f8863f575b445985529e6322a940bafccfa9744f7e66653ae9c5f5bf85546e28b3b1ffa354f068407834a62d6ed66776d42f3b01f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fb6b84f2a89200e56bda73b6ad8d5cc4

SHA1
95fe709d0978ce5567672f63bc7e59d19b7e4e65

SHA256
b93c7e59a6d7d19e2cbf5f1e05240ea85ab20b05765fcb925d238321bed6c199

SHA512
95b0b7c4bfccb53458ff7b7f16d9aa9be44e0ac0d98a2bc67d3e5b3fc83fe429dab054e6019eb74235dcf5716d59d61a44f60bae455b3c2ea7e64675099c5efb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1468ccbe3ca1f1f2eeb73ff58192bc7c

SHA1
93f21176f67003c2195ce6a06d95b7526f9892a6

SHA256
28283a0d0e4bed4d07a2360a004364e5684a58d33220e4c6da3d69238354afd0

SHA512
23cfadd0cdc8cfcd300f7a0932d51d7a47d53331b05e86ce4e11cd872ce2250d687557fbd1f294b3dc0d5497e2454450b4b390a12c4851f930ca4f470754db4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8aa4043f1c6663e8614571019e34a141

SHA1
8e974f02c37be1ffeb65a5516eb937318fdb311b

SHA256
98519a6f0929a77fc8102804d0a10bd82ce3e560fb5866eb8d64d7856142c906

SHA512
d530f0d283bda7ab105b240af77f260bf0950f04ebdd2cc65ce4d8f3f565c12bd799634c6750cadcd0d06624d520a0bffd06a77217e48ea24fc252e5aef66cd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a5d08e89-571e-4b8e-bdce-d9aaa0423499.tmp

Filesize
7KB

MD5
c055c34913fef271bdf34baef2485f38

SHA1
6b94ab816da63ae1504a03b4218f1298fe686bc7

SHA256
1cd2d73d2e374a445ee86102f81efbbda3089766c08fb189e787f4a9a89d97d7

SHA512
53ad15cc8898bff82ab137eabc86a232c37e7588a3cc85e1596d498041f9cf06bbf28e870872cca478f4d917f1957dcde34023bdde93c9f5a008cef7e2c58899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fe2ee1acd03c3dfeea98f656b12fa55e

SHA1
f384e040b673b1522568d8aef6725f820b75be3c

SHA256
9671c4f9732bc22758d73b059b639edc81afb06e17f0b63a07f3cb2e38a7582b

SHA512
4e087cef73129b32c703fbb72fb73c8849a6cbd48293706df4457fc687a396a173667853109ee8a06dc385eda92e50d1c4e4218c1b7e47d2aa4a2555c30cda39

Download Submit