7d67967b0589e3f7e058fc197ef9d0871939e7694a173cc18bf78a0696a4968b

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 07:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d162ee649559a90f63c827a6617b2190_JaffaCakes118.html
Size

242KB
MD5

d162ee649559a90f63c827a6617b2190
SHA1

bf15ff1bdca88e6a42006cc3f9a8fe0b5952eeab
SHA256

7d67967b0589e3f7e058fc197ef9d0871939e7694a173cc18bf78a0696a4968b
SHA512

c4c7f8e5f8b11e36ffb20b4b2792632234a0cafbeb1478f81e008ca65452cd597bca1ba436ec2a73d5216dbb49ea7debe181c596f5e956b53b3614d5837166d5
SSDEEP

3072:vW1HWLuTxmcVxIljwu+1SCe0ZSX0hqF62h11t:yHWHeVe0ZSX0he

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
4668	msedge.exe
4668	msedge.exe
4300	identity_helper.exe
4300	identity_helper.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4668 wrote to memory of 2212	4668	msedge.exe	84
PID 4668 wrote to memory of 2212	4668	msedge.exe	84
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 116	4668	msedge.exe	85
PID 4668 wrote to memory of 3140	4668	msedge.exe	86
PID 4668 wrote to memory of 3140	4668	msedge.exe	86
PID 4668 wrote to memory of 1108	4668	msedge.exe	87
PID 4668 wrote to memory of 1108	4668	msedge.exe	87
PID 4668 wrote to memory of 1108	4668	msedge.exe	87
PID 4668 wrote to memory of 1108	4668	msedge.exe	87
PID 4668 wrote to memory of 1108	4668	msedge.exe	87
PID 4668 wrote to memory of 1108	4668	msedge.exe	87
PID 4668 wrote to memory of 1108	4668	msedge.exe	87
PID 4668 wrote to memory of 1108	4668	msedge.exe	87
PID 4668 wrote to memory of 1108	4668	msedge.exe	87
PID 4668 wrote to memory of 1108	4668	msedge.exe	87
PID 4668 wrote to memory of 1108	4668	msedge.exe	87
PID 4668 wrote to memory of 1108	4668	msedge.exe	87
PID 4668 wrote to memory of 1108	4668	msedge.exe	87
PID 4668 wrote to memory of 1108	4668	msedge.exe	87
PID 4668 wrote to memory of 1108	4668	msedge.exe	87
PID 4668 wrote to memory of 1108	4668	msedge.exe	87
PID 4668 wrote to memory of 1108	4668	msedge.exe	87
PID 4668 wrote to memory of 1108	4668	msedge.exe	87
PID 4668 wrote to memory of 1108	4668	msedge.exe	87
PID 4668 wrote to memory of 1108	4668	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d162ee649559a90f63c827a6617b2190_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c68146f8,0x7ff9c6814708,0x7ff9c6814718
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,9468356961591788319,4595993133727545408,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,9468356961591788319,4595993133727545408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,9468356961591788319,4595993133727545408,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,9468356961591788319,4595993133727545408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,9468356961591788319,4595993133727545408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,9468356961591788319,4595993133727545408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1804 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,9468356961591788319,4595993133727545408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,9468356961591788319,4595993133727545408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,9468356961591788319,4595993133727545408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,9468356961591788319,4595993133727545408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,9468356961591788319,4595993133727545408,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,9468356961591788319,4595993133727545408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,9468356961591788319,4595993133727545408,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,9468356961591788319,4595993133727545408,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5580 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
23KB

MD5
a0423f1305547bb6b8f5a4fb1a9fc2d8

SHA1
092dcf1fe57e6bb53821eb754e04188ee70602d5

SHA256
6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8

SHA512
b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
d7716d78e72d429cdbf426364a975a28

SHA1
7393e9a3d6d69c54654041bc91b7173dafd5d55d

SHA256
82bc9d4f063e5c378e2d32ba26bd66109cb79173ea3ca71b6bb1496d72aef6e9

SHA512
6c7fbd956b98ee3089c3a97bc036048cc2d036e0960952473d35d4aad04c9e6b08ba22bcc6bed860069f6d26ec20293665f35e53b90ddc986674e1bb1f7474b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
3a654fb670889a75e7deba3add093619

SHA1
85d90ce9a732ef097f1b1616810eee0e2e24a8fa

SHA256
bad3351c571e05d2c9d373a101187d482ed489cd0de6ebb00ad3e11a541513d4

SHA512
cd9a8a7894ce36098ae150b64bf03ec5531c880ef1a7362086440f0e1108c13a545a5364baa3dc0b622bf07d8219f61b61c380c9188be1bd4928a67f204ba50c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a06dfe87c1c16ef0e0c594c7823ed688

SHA1
31dd2ff0a8b350cb0784dfd77a140b5d61fdcab6

SHA256
162abae1c4125ef14c74f7816080533a493dce3bd5b93b115bc6324b5f608b73

SHA512
64bc35c88db4d3297137dbda8ffaea48c478a177d44c3ad86dfcc51ce8d620fb883df9161bfd1ff2ca1b3fa92f4f8fa22769576dcae80712980a9c43ae223b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
641aca2b22bfd010fe7fbd8e1602f52a

SHA1
7399702bb67c28cf09b45ea67f901c3ce64d1dac

SHA256
5fc0d3fa4a1f34c28ce3913b2e247bb3305bbbc1eaa30911ddc2a8536203c705

SHA512
19ae4044234f4a2c7083beeb1be319b484b3ebb007060137cdc8361c16224c7862c231d65387630368b58f992d9cbb0ecfbae911a07ae0b22b692ee7f981b969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f9c4d7f3cf26ad085d5e353f092497a3

SHA1
49b9d33d335c839eee789686eedad0a52e03ecc9

SHA256
48e9eb0290155b473c59730fb564712d9805033ec3de86145f9a014a5552e292

SHA512
32c5114f755d9c9c12ff8e2f0d5a4848b87028e180527755775dbbdf1540a50a06c0ce4a05c8d468a9b7e545e0700d6a6a74d0e59f638292d19e413a46a840c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
62bd5593fb9dd41e2e661709d970313a

SHA1
41c060bf17b993eca4f3b7271cd2ea549e61d622

SHA256
c7a0f2369e5aa735a7e7b63509b840816a90a8a6f8f628d75b358eef9e57782e

SHA512
c2a4a4050eaf2baf515e95a2ab0d35fb8d913e7d300ed7fe24d1b2c5eadde465a4caa5bf3039e188f504e06ce22299dae7e43b88c9b036ded64e6118a74d348c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
76b4aac246305f86f13aee1c29305a7c

SHA1
4380b4a43cdebc35ba372cff731e4b89a671c535

SHA256
8e27087a1ea84fb0c1d88572895e768244064f5065d322ef7af3f50f6f32469c

SHA512
5978770c7c88549b10e805139ad096ed571a5fc3d88ad5c46492929819f38f87ce795c1174d4887ff60ebbde5afeae3c6f92f0838ccdbdba5f397617f1b51820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2d7d6f8de15284d27dac3627362762b3

SHA1
ac2c8168af9231dfe1f9f7ff856fe7d1fd9c3292

SHA256
edbabfe87eaac86202d9025623ab89f4ec4db87d1da61abe04b4d22446667213

SHA512
24e7459ba3ed4004480ec39b85b7f1177593e8eb38bfbd633f08f4b9b32f24f9ce5ec8ee9b000772036f55c0d8c0d07d4b9a9de71679a35ba2dd785bae2b58ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
223ef0fb231fe2a4c0d0eedc9b3d4463

SHA1
1030db630efa910d461969e1e3b1ee30c36b730a

SHA256
9102624abe8c1606866e5f4ccd7f0dad634ee664190312309a5c226aac61b59d

SHA512
53192b0db1533d65fb2dca2864080fb67d9bdf62472a8614a6e3cedc2973f281d9855e83c29dbc733515ea195ea2336307737bc641769a4cfd770bd4840a3fe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2facf06258a50a8e0da1150453278fe9

SHA1
5b5c36c305a9b7d2e194ac0be57cd442204a2f06

SHA256
ba85942befcd1a9244d08aa2db7410b3f148f011ccf6f773146204953bd2372f

SHA512
2c6fd965f221049bb05feb3a26fed0dd29667ff868f3c3e736f276141906a51875b3879a7ffbf7cd443e98e8ab3e6a9131f16fedde223836debe27973c058f5f

Download Submit