6c02ef7d01e02e11012ddbfeff2f6097133c6dd9afc39ec64c90d6204a61bbac

Analysis

max time kernel
147s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 10:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c07e2dec6195e5e5de0d710d9e4fb69f_JaffaCakes118.html
Size

70KB
MD5

c07e2dec6195e5e5de0d710d9e4fb69f
SHA1

88d777a0dd2f053688504bba3efd1ddaabe9374c
SHA256

6c02ef7d01e02e11012ddbfeff2f6097133c6dd9afc39ec64c90d6204a61bbac
SHA512

c847f1f5603e35ab0f972a2a99f217c3083fc98e8616ade9854c2a2575a11a340a1f39a736d1a3ce1d59882f6060ef67457c005b6677c4834a60642250365a16
SSDEEP

1536:AKAIWfYQpFijE0ukewaDHw7a+sSClHeVUDDkaU7seBkg/fC:gHUuAaDHwO+sSCVU7sqkg/fC

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1800	msedge.exe
1800	msedge.exe
224	msedge.exe
224	msedge.exe
2676	identity_helper.exe
2676	identity_helper.exe
5396	msedge.exe
5396	msedge.exe
5396	msedge.exe
5396	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 1648	224	msedge.exe	86
PID 224 wrote to memory of 1648	224	msedge.exe	86
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 3556	224	msedge.exe	87
PID 224 wrote to memory of 1800	224	msedge.exe	88
PID 224 wrote to memory of 1800	224	msedge.exe	88
PID 224 wrote to memory of 5004	224	msedge.exe	89
PID 224 wrote to memory of 5004	224	msedge.exe	89
PID 224 wrote to memory of 5004	224	msedge.exe	89
PID 224 wrote to memory of 5004	224	msedge.exe	89
PID 224 wrote to memory of 5004	224	msedge.exe	89
PID 224 wrote to memory of 5004	224	msedge.exe	89
PID 224 wrote to memory of 5004	224	msedge.exe	89
PID 224 wrote to memory of 5004	224	msedge.exe	89
PID 224 wrote to memory of 5004	224	msedge.exe	89
PID 224 wrote to memory of 5004	224	msedge.exe	89
PID 224 wrote to memory of 5004	224	msedge.exe	89
PID 224 wrote to memory of 5004	224	msedge.exe	89
PID 224 wrote to memory of 5004	224	msedge.exe	89
PID 224 wrote to memory of 5004	224	msedge.exe	89
PID 224 wrote to memory of 5004	224	msedge.exe	89
PID 224 wrote to memory of 5004	224	msedge.exe	89
PID 224 wrote to memory of 5004	224	msedge.exe	89
PID 224 wrote to memory of 5004	224	msedge.exe	89
PID 224 wrote to memory of 5004	224	msedge.exe	89
PID 224 wrote to memory of 5004	224	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c07e2dec6195e5e5de0d710d9e4fb69f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafe8546f8,0x7ffafe854708,0x7ffafe854718
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,8070971552109614722,3485309965261102131,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,8070971552109614722,3485309965261102131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,8070971552109614722,3485309965261102131,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8070971552109614722,3485309965261102131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8070971552109614722,3485309965261102131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8070971552109614722,3485309965261102131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8070971552109614722,3485309965261102131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8070971552109614722,3485309965261102131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8070971552109614722,3485309965261102131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8070971552109614722,3485309965261102131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8070971552109614722,3485309965261102131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8070971552109614722,3485309965261102131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,8070971552109614722,3485309965261102131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8152 /prefetch:8
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,8070971552109614722,3485309965261102131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8070971552109614722,3485309965261102131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8070971552109614722,3485309965261102131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8070971552109614722,3485309965261102131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8024 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8070971552109614722,3485309965261102131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7948 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,8070971552109614722,3485309965261102131,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
7ef0c0e5ba0a4540e7cd5671eaf66dc2

SHA1
06e06ead584ba5878e48b6800a9d0bb869fd837b

SHA256
58857e5c35ff55b52cdbf8998246cf5fa1a4b812f0cf30186adfb05ca8d6c595

SHA512
c0e5c35771f28769622128614e8b2c45346876a41c2df7666013ea9cf28d156538317c1d4a9926977e417fa3cb5d1465b1025a0857e1768dfc0c2d6692449266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
5e3ac8551c44c7af670a0247dec7efbf

SHA1
97a38db2b0222e5828bb8e1812d3f94efc3c12ae

SHA256
43741afa0e5bd3cca857ffaed13b64c332f346a08ef838a2301b862122217446

SHA512
7e7658b51c00c23b5044eef49271cddd07ce635716d1d60fc6cd510641f63f55d6f2d8ee53737ae125a68a00f8663a66bdf2575ab174591f0fb46f0b750d3999

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8d1198c6a8566ad534a04c0e2a22dede

SHA1
938322446bbef117014f3627cd2d89ec60edafaa

SHA256
fc81f1b068f7beb9f65a2e3d8c2822b3170dd360c34a60196ffb28daed1a1f75

SHA512
af5b1ea0926200144c020a438d3614b307dcee30ae4ed09c6d6c8b43a67b87c9ed1f2b27141c448222f6e49defdcb119f2a0d77a1f88e79578c924b7f45ac574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fae5bade96870def0c89036273f46fef

SHA1
d582f231d1cf30dd79a376ee8b07e45237019e2c

SHA256
6db2e793557f58466b4c2a2796f4e2945ae3f1c7eb3f2f0b8b4b531102168546

SHA512
1297f15eecb17e638fee7d374d3e634f56f851b1bacaead3585f87ab09de548ef85492b3db4630e4c264f30e4739e839cde293ec5b7ae1bd7636d97cc01a63d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3c0bb6a5953e32c700977eac6d0c6203

SHA1
92640ce587ec840ff3498b8039800b7e5e941815

SHA256
9aef0430e86eca435a37b03273666e1538e8e04df84543d947e9339e7e8bd560

SHA512
018ea486ac59131dd5285726aa7031037d59c34f2326a6353252edc1c4d0ee86db4c0b3cd1669ee561543ce9f56e1f40e0772044e222f0c23ee1a02294a64055

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9cd3998a3179e305ba7ed5869462c40f

SHA1
0ad828f6b4bd13d96b33b308f05a96205402bbf2

SHA256
67a7b42355602ab2af2931fe8ddd5da678bb94bb388784b6cb8c83076714e8da

SHA512
5620397f00d1011edd6e404fa8c7b78b207bf82088c36221d5f17cef2cb5367dfeb1060901a2996baf63758ff2900e43b4cd1c3c3ccb186474ac27b0df47faac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fdeb5b8f-a965-487d-864d-085862756f89.tmp

Filesize
2KB

MD5
ae39d05af09941e5a7d78b1ff2c09698

SHA1
d17aa212a0ba4872734066808d407362ae0affc2

SHA256
e9dc59b6a7498c3315eace061f090de9021280b22fe2c6d56a9f99f8ead8e8f5

SHA512
02fea9d6d8602b197d5c83d1e7a5fc09d71c36bd5fb46341cb11d27431ab910b49b726ddda5d03e531504c3a5843dd4a93eb2535b9496ca6a793ba34ccf03f78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b43f8d07c735d9cc91c680a7444aac53

SHA1
83c5cdd8eb21754c10bde9644b83d0989057a14e

SHA256
3f1eb76a3e45d3bccaeef003fa12d655ac782c7a2f6435cb47836e8a069b5c28

SHA512
42e112ec9aa5c3b093d6a65610a35a047e40532c161a91a065d537771458cf66cda6ec3d8be2cb8278d300acd7c7eee957c31aa85ac3b4b8d6c30899cf5dcd30

Download Submit