9e4f1a722cb35035477afe5b8e8c1c0524fb27db161b3b673133db9671f4f9a1

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 21:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87c6c0b1f32c3274da8f3d5e8e49ce10_JaffaCakes118.html
Size

27KB
MD5

87c6c0b1f32c3274da8f3d5e8e49ce10
SHA1

08223c00c4efb86d8ad264f87d8e1fcc93227866
SHA256

9e4f1a722cb35035477afe5b8e8c1c0524fb27db161b3b673133db9671f4f9a1
SHA512

98bed5cccccb931b2c80d56343ed245db278f39257eb2ad6d1e4a4c00cff9961d9fe01071aaa95dfa219fd4852162e4a47aed06f70c98859907456bcae7c44c5
SSDEEP

768:It+ntz9SwKwOw5wJa96CpXReoqzQCWuO4GX68clb+yTZEv:It+ntI9vAAa4CpXReoqzQCWuO4GX68c8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4396	msedge.exe
4396	msedge.exe
4600	msedge.exe
4600	msedge.exe
2032	identity_helper.exe
2032	identity_helper.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4600 wrote to memory of 1536	4600	msedge.exe	84
PID 4600 wrote to memory of 1536	4600	msedge.exe	84
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4576	4600	msedge.exe	85
PID 4600 wrote to memory of 4396	4600	msedge.exe	86
PID 4600 wrote to memory of 4396	4600	msedge.exe	86
PID 4600 wrote to memory of 1048	4600	msedge.exe	87
PID 4600 wrote to memory of 1048	4600	msedge.exe	87
PID 4600 wrote to memory of 1048	4600	msedge.exe	87
PID 4600 wrote to memory of 1048	4600	msedge.exe	87
PID 4600 wrote to memory of 1048	4600	msedge.exe	87
PID 4600 wrote to memory of 1048	4600	msedge.exe	87
PID 4600 wrote to memory of 1048	4600	msedge.exe	87
PID 4600 wrote to memory of 1048	4600	msedge.exe	87
PID 4600 wrote to memory of 1048	4600	msedge.exe	87
PID 4600 wrote to memory of 1048	4600	msedge.exe	87
PID 4600 wrote to memory of 1048	4600	msedge.exe	87
PID 4600 wrote to memory of 1048	4600	msedge.exe	87
PID 4600 wrote to memory of 1048	4600	msedge.exe	87
PID 4600 wrote to memory of 1048	4600	msedge.exe	87
PID 4600 wrote to memory of 1048	4600	msedge.exe	87
PID 4600 wrote to memory of 1048	4600	msedge.exe	87
PID 4600 wrote to memory of 1048	4600	msedge.exe	87
PID 4600 wrote to memory of 1048	4600	msedge.exe	87
PID 4600 wrote to memory of 1048	4600	msedge.exe	87
PID 4600 wrote to memory of 1048	4600	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\87c6c0b1f32c3274da8f3d5e8e49ce10_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff82ec146f8,0x7ff82ec14708,0x7ff82ec14718
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4332410636006733877,8804879626574612362,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,4332410636006733877,8804879626574612362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,4332410636006733877,8804879626574612362,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4332410636006733877,8804879626574612362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4332410636006733877,8804879626574612362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4332410636006733877,8804879626574612362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4332410636006733877,8804879626574612362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4332410636006733877,8804879626574612362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4332410636006733877,8804879626574612362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4332410636006733877,8804879626574612362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6932 /prefetch:8
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4332410636006733877,8804879626574612362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4332410636006733877,8804879626574612362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4332410636006733877,8804879626574612362,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4332410636006733877,8804879626574612362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4332410636006733877,8804879626574612362,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4332410636006733877,8804879626574612362,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6028 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
67KB

MD5
b4b711f3e747704ffe02b49791ce8cac

SHA1
ac7ce4cbd3c8ee66e3c8d9d209c1352c160c3b89

SHA256
f65bf40e2f0ce993b54772f703f72d53f0fa925457346fa8ec2031879ffa91d1

SHA512
b738deba57337a9147927f7dd35eab7c999dea6d2ff11f57fdc2e5b6f64326028a54778886548ba128a3f03ee333cc9e43de5162d8b578b85c290626577042db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
6f4ae0230b120b3bfd1f690581c15357

SHA1
f9831bbb85e594fad78344bcc0d2dce59c363ac1

SHA256
34fc319c197aca000ed0fb092b3f4b47007ee49c39d9247076a514a7dd23d692

SHA512
4407a16ac93e5c4eef9d7678c37f0181ae5ecef6734c51a987932bb0f819c5d978f0f16195a53b08a2882423b3a0ce00221a2debbb9cfe8bf6d366afa5a9c8c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
a204aada2b2626c41002da31c05ae6bc

SHA1
9805010c273a3f5d41641ab901c1b945a77197c1

SHA256
e3417635d185ea73ca5c16b3b6bc0db16d01a6bc505a757c8b299155db7f73d2

SHA512
cb2179aeb8a76993e292cdc6faa636d7b66afe432bd88b784948ece0ac33b409f67a2f0a3eedbb56e970671b789bc34f6aa9803e5bccdce203521a8157780524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
1e3df8d1d77022f98d5bb6e378339e6f

SHA1
b4c37e6578d19613ed4ad05d8fc77daf24c98265

SHA256
6b4469a7292b3ffc4822cd7652e30fcf97a2dbaa18e1978534dda55ef3fcac6b

SHA512
e01a605815e4c289ed83c8c0b65cb3a9c5814755ef51767d5b772d6e5d04adf7d2eebee7089555f08c15d33c8797abfcef6491e44fba108a9cf266b3e7cdf459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
86c6453fcae30eb5403312ba99a71c18

SHA1
b72a4ef25df495b5272e85de3b62f5c3980be488

SHA256
468f00c1b1f1be17d25aa5ca76a90a34232245b0ea779ac697c9b9b22693bfc0

SHA512
b6fe341a355db28a8fca403297e602bfc76ba70805e9297cb1be4dad7655682f48bae5f4514ad90e637aa2539565cf98814c9d55aaf3b4d3c0afac86012a1a9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ed4940e32ac12e2e45fbb0547fa1be4d

SHA1
066fc06aaf7c515c2d3128c06a538484bbb88e45

SHA256
1b01e26ac49a6c9012709a6e2d291313fc09c58bf478192a5a9c72e30a3fb3b9

SHA512
1101923a93437b7c34f5a3727754e2440e159a237e41578b80806025090963fa0d704687e3bd074e7d6652656d68738b58a164d32f2f5fdcd2335f58ec560731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
35bd665610813bc1034d1066695d8f2d

SHA1
d8d73985f8ef990788f9e1fbe8baa28dbf0a438b

SHA256
5cc46c98c0d9dbac82f7ca04852d49e04e96571aeaec47cd50597325d6432fb0

SHA512
388f3a6de3aa8d0ba77a85680bb67feb29e5951e0c38ff1a2384999d1ab11e7ae1b07585eaa81242a7705ce6810e28234823652c3e371bfb3cfadd8903c087da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ba54514364f3cb18d76ee36f05ddcb6e

SHA1
13204dc63ba83fa2a451c5b3c0f94a72c8baab8c

SHA256
946a6b57aeb35dca365dbcefdf6f80c04fe479e5e1d0c862fb78aa707cd1ddb2

SHA512
34a5e0c20e08f74c9955c59e7b82cd4d52c788e4c721e5e8b3cae134e7ca295882ded31312d6c8cc77dbe0e664b7e15a43bd9e283f827c07690a28a176af2141

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
74fed38f476b412ba0c384aa07d59ae3

SHA1
ee8645896fb406457b7fed089c76f24989edbe59

SHA256
d2c021e634cc13392198232a017f0b8600121cf4013e181084eb18bf5fb066ba

SHA512
9a112fbdfbe9299595f4a8b4975632a36284d1ea8600835a0daf07e857c6c6b49cc1dbdb012405c57545e9862f0ac28e5164a9f8df071430d712b20fed7baef2

Download Submit