45ca25a430084beca91207992ca058af879cd2317c80a99e26b8feb30512dd0a

max time kernel
91s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
19/08/2024, 03:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a968ae8b341fea64aeb3983d7dda9f1d_JaffaCakes118.html
Size

57KB
MD5

a968ae8b341fea64aeb3983d7dda9f1d
SHA1

4ac62bfa417f114e5c3618f843265ff18d51b239
SHA256

45ca25a430084beca91207992ca058af879cd2317c80a99e26b8feb30512dd0a
SHA512

e6023dd9748d2a1a477851c2116fb944c6b5a9478617ce12a4ca2ccbcd30f6d12ab0bd5a939f48bccb5e608bef81d5148e04d82d15d2fd6c9c184c48c2cf28aa
SSDEEP

1536:ijEQvK8OPHdsATo2vgyHJv0owbd6zKD6CDK2RVroTvwpDK2RVy:ijnOPHdsd2vgyHJutDK2RVroTvwpDK2m

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2292	msedge.exe
2292	msedge.exe
668	msedge.exe
668	msedge.exe
3712	msedge.exe
3712	msedge.exe
4680	identity_helper.exe
4680	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 668 wrote to memory of 4924	668	msedge.exe	79
PID 668 wrote to memory of 4924	668	msedge.exe	79
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 3340	668	msedge.exe	80
PID 668 wrote to memory of 2292	668	msedge.exe	81
PID 668 wrote to memory of 2292	668	msedge.exe	81
PID 668 wrote to memory of 2728	668	msedge.exe	82
PID 668 wrote to memory of 2728	668	msedge.exe	82
PID 668 wrote to memory of 2728	668	msedge.exe	82
PID 668 wrote to memory of 2728	668	msedge.exe	82
PID 668 wrote to memory of 2728	668	msedge.exe	82
PID 668 wrote to memory of 2728	668	msedge.exe	82
PID 668 wrote to memory of 2728	668	msedge.exe	82
PID 668 wrote to memory of 2728	668	msedge.exe	82
PID 668 wrote to memory of 2728	668	msedge.exe	82
PID 668 wrote to memory of 2728	668	msedge.exe	82
PID 668 wrote to memory of 2728	668	msedge.exe	82
PID 668 wrote to memory of 2728	668	msedge.exe	82
PID 668 wrote to memory of 2728	668	msedge.exe	82
PID 668 wrote to memory of 2728	668	msedge.exe	82
PID 668 wrote to memory of 2728	668	msedge.exe	82
PID 668 wrote to memory of 2728	668	msedge.exe	82
PID 668 wrote to memory of 2728	668	msedge.exe	82
PID 668 wrote to memory of 2728	668	msedge.exe	82
PID 668 wrote to memory of 2728	668	msedge.exe	82
PID 668 wrote to memory of 2728	668	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a968ae8b341fea64aeb3983d7dda9f1d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe42c73cb8,0x7ffe42c73cc8,0x7ffe42c73cd8
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,5997558403198451737,5934595554262801722,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,5997558403198451737,5934595554262801722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,5997558403198451737,5934595554262801722,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5997558403198451737,5934595554262801722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5997558403198451737,5934595554262801722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5997558403198451737,5934595554262801722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5997558403198451737,5934595554262801722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5997558403198451737,5934595554262801722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5997558403198451737,5934595554262801722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5997558403198451737,5934595554262801722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5997558403198451737,5934595554262801722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5997558403198451737,5934595554262801722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5997558403198451737,5934595554262801722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5997558403198451737,5934595554262801722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5997558403198451737,5934595554262801722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,5997558403198451737,5934595554262801722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,5997558403198451737,5934595554262801722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5997558403198451737,5934595554262801722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2552 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5997558403198451737,5934595554262801722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5997558403198451737,5934595554262801722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:1444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4ae6009e2df12ce252d03722e8f4288

SHA1
44de96f65d69cbae416767040f887f68f8035928

SHA256
7778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d

SHA512
bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4bf4b59c3deb1688a480f8e56aab059d

SHA1
612c83e7027b3bfb0e9d2c9efad43c5318e731bb

SHA256
867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82

SHA512
2ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
6ac7562660eb8605202e6c1c496570cb

SHA1
f68bf7838b2ff984853ed2b3e7291674df7e637b

SHA256
773cd6f7eff7624be14d65603fa8cd9e50deb1faea336587b812f5a204ec4e9d

SHA512
6b21fba1b88a08ae8558d0463bb1136680c635b2276db3f7281f3893477946c393f358705594fd229505382928929a13ba692c81fe0f430f33a1aa39345f8fb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3cba2c1c911d87b166f9d8f5f1c18d2c

SHA1
6ebabeaa9727c401a3cc62d475cf48ab3937042f

SHA256
98c919bc265b89da58c1bdfb6280ee973673834a67d2e1d226640246477c76d3

SHA512
781753cc5ee7d24ff3d69a0743a9c242e94a2302d1ba073decc1e5e20f0be56b526486ce66961c6bb81b34d33ff35249fa8d895ded026a29dbf51b44ad56854a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
722b902e81b4f2fc804471b8402fe398

SHA1
5deacc196374fcaff1d11f7e43116edad1af487f

SHA256
25908562e5bd4885e412fd5ce66e197df475c7a8bed4bac2b2b2fe7a8a9b8d19

SHA512
053fe97595dce156e6e73e31970a60d03ed5a7240aad40682965038e9c2f2f733621fd805db7a6bc86cef570ac51c4334b5a8f6540865c226c74dcecaed7ee9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dc11b4ed62e290a9793c615650b7d25b

SHA1
07ee1dba32e296b6152174298cc10ab92369f3b0

SHA256
c2eb6acef86b6b5e2fc3548c47d229fdf26bc0e99efb8bd52e99a59e3e86e64f

SHA512
1dfaaffb7d8821153bf982484e1978c4068786247398df288fb5a974375da7f794febdaf8749f2ab1932f9d8a91ddc41813d6af14655ea2a15c63666df6f7121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f63d874bf088709a6d94c49d6fa666bc

SHA1
3d0f8708edeba908fae2a626ae911cbb548375aa

SHA256
20f7f7bc9bec7f50af2368bef414584cd323835de8ffaf3f8b616d80602f1ad6

SHA512
1154082a7f79accd586e44dcc7deb76af546f33bb2aedcb5d2129e87129ccdde419b77b3a4aa5f47847a9fdcc2d6955c9f1af729fca39bd5fc0786202d3cf601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b34ee4f1a4f6fc10c42be2bc6c2b24c1

SHA1
4f838248437fb23439cd8373c57ae44a2f0fe439

SHA256
05e111acf0f57b251e55b947f1259f5a05beb85cafe947950a34f0b0eb7ea645

SHA512
80bd378a22c103c4508e229217f80ec1c43109953cb5c68a9fce40b24485708c1448f8887a81d130136fed5eefb8df89a1ab94a74b6b3af9a3a32fd4d6780e39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b4665fc9c7c5f4a33bf81a95da29b131

SHA1
fb4220d6078d9f424cc998c78a5a7e2daf0a5ce9

SHA256
e8dda06f3bedd1542c3ae9e4dbb3366b162dfab8dc7e6fe5a0bd3398acb7a760

SHA512
770454f2728cb9427b758c3244cc141e4b48c57dc93b8542a4d8f949defb9d80cbe472b50460b6c8370d136ffc125d2527190d519790c98d16e11c7b3906d483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b43fc5b52fbde94b8d6062550af1dd32

SHA1
a347683ee8806fdad7cdf586f7c38140de90478b

SHA256
6e4a9d9165155fe5f786d6034b265bf4ac7e7dfcb45962132afcea169c26e0d0

SHA512
444b26b849a08115670bc4a49fe19bdb82648564168518f42babd45bad94e2e7a15e0ebeaf4ef4482ac176ea6c63d96607aa52d007a95b492966c07bf1388235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cefeed60c4cd34ac9ddd2115ee624b83

SHA1
15d7110bb9e3095a8e77ada987b7ae11c4bd1aea

SHA256
85db6fc7ac0436824e830641124047da8b190c8acb8b5d78d61d7c3fb08a77ed

SHA512
800a1dd3b9a1275741af71cdbe9bf2b2d06d51d552f7314b4d9d626166338c2cef4212ec27a3761888e9fc3b1328258a831c7e19144d5cc2a2c3a7566f4bd3d8

Download Submit