27b558ee731dda1d97f637a99dbf13754f27c5b94730135deeac998ebe737a50

Analysis

max time kernel
146s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 13:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf9a51772f8e5ff34d54fa9922007d7a_JaffaCakes118.html
Size

23KB
MD5

cf9a51772f8e5ff34d54fa9922007d7a
SHA1

949386e8da7f20aa722b5a1de85e4abcc3a35f89
SHA256

27b558ee731dda1d97f637a99dbf13754f27c5b94730135deeac998ebe737a50
SHA512

cf44c4a681b630d4bb44b1653850cbf672ad0cb20266ff81fcf89bdfd75407540784bc00fc9727364490a60c73b7401ed9ebce170e9531c6d02aa9e76b765619
SSDEEP

384:SZsd0KTq5Tlq+mbHSErWbqgeexOJb60Mhjvl6C+HISU7A1pupy92YvuxYK2Z9ZZU:SudXOVMtsqgee4Jb60Dfupy92YvXK2Za

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4164	msedge.exe
4164	msedge.exe
2380	msedge.exe
2380	msedge.exe
4656	identity_helper.exe
4656	identity_helper.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 60	2380	msedge.exe	83
PID 2380 wrote to memory of 60	2380	msedge.exe	83
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4820	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	85
PID 2380 wrote to memory of 4164	2380	msedge.exe	85
PID 2380 wrote to memory of 2764	2380	msedge.exe	86
PID 2380 wrote to memory of 2764	2380	msedge.exe	86
PID 2380 wrote to memory of 2764	2380	msedge.exe	86
PID 2380 wrote to memory of 2764	2380	msedge.exe	86
PID 2380 wrote to memory of 2764	2380	msedge.exe	86
PID 2380 wrote to memory of 2764	2380	msedge.exe	86
PID 2380 wrote to memory of 2764	2380	msedge.exe	86
PID 2380 wrote to memory of 2764	2380	msedge.exe	86
PID 2380 wrote to memory of 2764	2380	msedge.exe	86
PID 2380 wrote to memory of 2764	2380	msedge.exe	86
PID 2380 wrote to memory of 2764	2380	msedge.exe	86
PID 2380 wrote to memory of 2764	2380	msedge.exe	86
PID 2380 wrote to memory of 2764	2380	msedge.exe	86
PID 2380 wrote to memory of 2764	2380	msedge.exe	86
PID 2380 wrote to memory of 2764	2380	msedge.exe	86
PID 2380 wrote to memory of 2764	2380	msedge.exe	86
PID 2380 wrote to memory of 2764	2380	msedge.exe	86
PID 2380 wrote to memory of 2764	2380	msedge.exe	86
PID 2380 wrote to memory of 2764	2380	msedge.exe	86
PID 2380 wrote to memory of 2764	2380	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\cf9a51772f8e5ff34d54fa9922007d7a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe07ae46f8,0x7ffe07ae4708,0x7ffe07ae4718
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,10849238114317772825,5752370490171809223,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,10849238114317772825,5752370490171809223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,10849238114317772825,5752370490171809223,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10849238114317772825,5752370490171809223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10849238114317772825,5752370490171809223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10849238114317772825,5752370490171809223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10849238114317772825,5752370490171809223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10849238114317772825,5752370490171809223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10849238114317772825,5752370490171809223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10849238114317772825,5752370490171809223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10849238114317772825,5752370490171809223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,10849238114317772825,5752370490171809223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6320 /prefetch:8
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,10849238114317772825,5752370490171809223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6320 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10849238114317772825,5752370490171809223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10849238114317772825,5752370490171809223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,10849238114317772825,5752370490171809223,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
63de02208c4e60b68debfb9b77ebcea0

SHA1
b80dbe6ae59e355a07da8c4e3fbf37e45f9df12a

SHA256
944d427102d037aa2baf210800b5946b31991bedf2ca08ff509c0a0191919ec3

SHA512
cfa7275495169002b8397a47abf9d30cd4757217b7d451d88a05a774831d6887ef76745aa3f0f705b352f8dbd7e414dc913c2ae9fc39c066f6eeb2d9ad43a96c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5fecb1260d42dd0bad582cb9341f06ba

SHA1
f4a9eea01edbc68c1cb081d254696fe836c0ea0c

SHA256
02fa33d375cc72c2505db6e4a11ce22a07a04bd75cfe1686a13b135a408f6e38

SHA512
2737fdac3733acd910679d72a9f3ab52c36ea4a36527449287e700a598f630bea3f7c23fadfcd21c1918b2a1a77f0acea391c3b11776787a8fe65b009dffc7c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4acadd47163995ccbaead7bcb0278582

SHA1
cc6b354f507dd31775107e516fb0a66657befa85

SHA256
979aed104f81aa5d189707e47dc550f94827996e7af7faaa59d507b8e869152d

SHA512
12cfefe99232b8828c6c956a7fdc34ae4c2b534c3a01c304d52b51150324232e9e3513ee27ef149d9694d872e4a27acd3fcc196295db51130df81ea85bf828f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8194dc2f207ce4a6d37dcf3e379b6671

SHA1
116e2c0ebd20ead0e1522c09aaf70699951efd7e

SHA256
a7a1ee3438a1161c6bc67b42e04128a4001cfce1ebdbc99394ba674879b16d37

SHA512
d2b08a7c47e5e0601c59024fa56ade33f6567a51651e2ce12fc134a0dbe65207f14a3d818b238af37dfffd7c7906842615afc32d573fcabd1f304bd4deaebb9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
12d84a35e8a4c284d8ac0a574cc29c7f

SHA1
b83da69ee7c1f7de860afb42a377966eb1e44574

SHA256
cd47411cac2128a107f17200a1238986254b5efcbfa96cc5992d8a196e03ff09

SHA512
aea835ec5d7c31cd7b490cbe0f68a4c284050eb478f5cc81d11b7b88c73d059ded83c4cb6f49a3a7a1bf923a07f2eed2a3e8b570d27d8062d04aaf6e7020e0da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7ef189c1b7f777ce2fc6da7a06c7f44b

SHA1
641dddf62f9ab4550f19fc9dde3d7901978242cb

SHA256
172ca441c69d6b73d5448b6ef84ce675eb55c42d5ec7b7d4efe2ba4ca2f46045

SHA512
541b6a339dd27e12ac5093bd586e018537f15239cef5969c8a309642a327556331953f88f8f33b8c17bd801dfa2497836b0a7479e36e46715da195481f6dd86d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9491297e2252a4d4d3f814c7991fa6f1

SHA1
5532a80e82b6f5d85780adc66e435feea146f220

SHA256
02ff85e19a6080dd2caa197c568b07826818ec32203c2a1b7e500d2873888b7f

SHA512
6aff76e4a24de68b97aaa536f3d3e20cc7f47151f051759ab578deb321e52ab0f41079a20a690b3c027e47631c580e79cc36315389404e800c1a03698c01634b

Download Submit