ff8fe6b5b803463f1fa277622f9b165a08641ccfa288c02864090ac2cb240f25

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/06/2024, 19:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f3cab5482d2217b6e6b30650d232afa_JaffaCakes118.html
Size

71KB
MD5

9f3cab5482d2217b6e6b30650d232afa
SHA1

1da01c5e70a223cfa1c09119d6cff167a0f64cf6
SHA256

ff8fe6b5b803463f1fa277622f9b165a08641ccfa288c02864090ac2cb240f25
SHA512

839e6044f6606c27ed74d326efa93a6ae987cfaa98da613c853b100c11bb73db141d5a1b84e0da3dacf4e6b35a7e64ca835dbc9b7abea0e5baf6ed6546e195e4
SSDEEP

1536:wGS/HFkcVXV9SfTh61JUqQ5DR10oUpIYf6pKfeTeeMeKe6C9jMG0zQ:Y/lkcT9S7hGJUqQuoUpI02KVe6C9wGWQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
4948	msedge.exe
4948	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
452	identity_helper.exe
452	identity_helper.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 1472	4540	msedge.exe	81
PID 4540 wrote to memory of 1472	4540	msedge.exe	81
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 3212	4540	msedge.exe	82
PID 4540 wrote to memory of 4948	4540	msedge.exe	83
PID 4540 wrote to memory of 4948	4540	msedge.exe	83
PID 4540 wrote to memory of 2328	4540	msedge.exe	84
PID 4540 wrote to memory of 2328	4540	msedge.exe	84
PID 4540 wrote to memory of 2328	4540	msedge.exe	84
PID 4540 wrote to memory of 2328	4540	msedge.exe	84
PID 4540 wrote to memory of 2328	4540	msedge.exe	84
PID 4540 wrote to memory of 2328	4540	msedge.exe	84
PID 4540 wrote to memory of 2328	4540	msedge.exe	84
PID 4540 wrote to memory of 2328	4540	msedge.exe	84
PID 4540 wrote to memory of 2328	4540	msedge.exe	84
PID 4540 wrote to memory of 2328	4540	msedge.exe	84
PID 4540 wrote to memory of 2328	4540	msedge.exe	84
PID 4540 wrote to memory of 2328	4540	msedge.exe	84
PID 4540 wrote to memory of 2328	4540	msedge.exe	84
PID 4540 wrote to memory of 2328	4540	msedge.exe	84
PID 4540 wrote to memory of 2328	4540	msedge.exe	84
PID 4540 wrote to memory of 2328	4540	msedge.exe	84
PID 4540 wrote to memory of 2328	4540	msedge.exe	84
PID 4540 wrote to memory of 2328	4540	msedge.exe	84
PID 4540 wrote to memory of 2328	4540	msedge.exe	84
PID 4540 wrote to memory of 2328	4540	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9f3cab5482d2217b6e6b30650d232afa_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda88e46f8,0x7ffda88e4708,0x7ffda88e4718
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,17617441058751232300,702515353832558606,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,17617441058751232300,702515353832558606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,17617441058751232300,702515353832558606,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17617441058751232300,702515353832558606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17617441058751232300,702515353832558606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17617441058751232300,702515353832558606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17617441058751232300,702515353832558606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17617441058751232300,702515353832558606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17617441058751232300,702515353832558606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,17617441058751232300,702515353832558606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,17617441058751232300,702515353832558606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17617441058751232300,702515353832558606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17617441058751232300,702515353832558606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17617441058751232300,702515353832558606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17617441058751232300,702515353832558606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,17617441058751232300,702515353832558606,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5488 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
fef827f1c8fcfe546a0d945ce57f9791

SHA1
e7e078710542573cf8e96430f15b1f077e9fe9e7

SHA256
060752e4e00a532ac2486f34897ab8749aeddb0873419cc8a2e2dee8668caeac

SHA512
7a72f437c38a30ee64c50d2ff7bc85c41afb1a46053b823e6a6611624dac81a7d8beeb5b8b46376f82445c172325d9ce3cbb6e8a1dcb0a55d5730d1bc6fbb0bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2da4b535248ae66482d23d5cd93d4764

SHA1
d2507f67fddc0773ca62755392f43a874fbd46c4

SHA256
86875a372154da648f94c40c0cde7e40ef61d6887e8ef9e627c558bea891427e

SHA512
5b00931afe138316190b28d509aed303dea04aaf38de52051e185f10867ea0e8a5e18167c3b2da68f6d59a4bd9bb4be4aad15d663b478951c77dd1f2678ebbbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
90d62789d21269eea81381ce033cbcfd

SHA1
159cd56958f1707d148d0d95ec87dc330e044a1e

SHA256
e0b8fb86be815edf80dac7c95d15272bd3ac181ac292044fea6b22bf2f095040

SHA512
0db849ec4097aa5e2e1f228c0bb773ee9801ae35ce8f62f2e090e3276c9ccea734debe56dbd14c898c4ad959d2aba019395a0b3290951d7603a9d064232fb199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d5af3ea6b501368fe2a6aecb35165539

SHA1
52db5d5156cf300a9b10dd6d39a98941a4659bcf

SHA256
b25efd683a3486730c162ddbb9e414c38ef9a791a59ff2d4a90b05da2aeb0057

SHA512
6589cc5c76ef3acaf0f8378d9cacda440f0c96eb500c90feda06c801fbcd11bfad6b2b7ba2ebacb44fb798daf437fc3f835bd9eae90be38d07c0ef843d2bc922

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a374fb7338f4ac085355a09f73e354f4

SHA1
cb0fc37f1a847000295048f0afed342d7d25f958

SHA256
9f8fe4899e845f1a34280679b6e4ecb35df550899b8b5c41308bc664c633559a

SHA512
d0263b921365c9666cace57f1edef54dea5cac73c9296f6a5a25fb33a391629e67069986b011f064215d0ae80910864a80fe63a0a0fe190c7e2db03054f57d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
14633388090840b77617727ad7b1907c

SHA1
2ab990dc80a25a8778cc155528d59839e7749931

SHA256
f19e67709615ae4afeb93675cad85421e282ca3e4af0e76066cc27282a1c8499

SHA512
668f3a350f26fa2dafbfaea6b40ab357856fd6344ae07cbadb3f1ad421cc30ef1121876753eb45e7305a00da3e20b4acd5614fcac0c9145b729fdd682784d6ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c52b965f-5cd2-4b2b-8b27-3f60ad8dc04b.tmp

Filesize
5KB

MD5
38b0fbf9c3bf5e2f8b7815fcc9c3fac7

SHA1
61a06750de8cc9712a0972d6df506e5181954266

SHA256
3a143d5e1a6889abe458ba4392ae8219cf4d917cdee057bc45f0a2a4f1caece6

SHA512
6939ba821c0d2f5ad8d3486bed115897492b250a83936098051652dc59946e66bea9f0dd396a03ce7564778fb9236bf79e5cb7c423d182a6827673f8f4cb9823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d3eed020ffea5c8f922862875b173e38

SHA1
763a5261beefb76e98ccc93d6bd3c813eb960568

SHA256
388eafaae8d41bee945f8ed228c550dd8405462ed31d1de774b29b44f47059fa

SHA512
a745c21558e4e0d3974da8cdf13ca4f884389b36a8748ff665d29e4a55973fbf351711684bf0f396f35df9e744f3456ddea96922a5dba26efca177a7b247c1e2

Download Submit