70f111d4a706505dd86d225772910087e0a46928b61e5626cd51230d5735d16c

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 04:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5a0b93f8cf224d5866cd63d776dac01_JaffaCakes118.html
Size

83KB
MD5

d5a0b93f8cf224d5866cd63d776dac01
SHA1

c8de1bf519dae82c64330ae299475990e027b12c
SHA256

70f111d4a706505dd86d225772910087e0a46928b61e5626cd51230d5735d16c
SHA512

420670952d7f5f3a921f36d7ba0b2c94d485dc442b858cb45f4bdecc4a8fedc90cc857bfb119d8723318cf5cbb9e059f84f8dda067e99a5e5b19de72362f5757
SSDEEP

1536:9E7uqEGISw4Ar7543Ww5xLw9T6U1af9OUHyQ1oPgx9:9EBEfSwHrV43WQxLw9OU1a1YPgx9

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2596	msedge.exe
2596	msedge.exe
3180	msedge.exe
3180	msedge.exe
1120	identity_helper.exe
1120	identity_helper.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3180 wrote to memory of 696	3180	msedge.exe	83
PID 3180 wrote to memory of 696	3180	msedge.exe	83
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 1236	3180	msedge.exe	84
PID 3180 wrote to memory of 2596	3180	msedge.exe	85
PID 3180 wrote to memory of 2596	3180	msedge.exe	85
PID 3180 wrote to memory of 440	3180	msedge.exe	86
PID 3180 wrote to memory of 440	3180	msedge.exe	86
PID 3180 wrote to memory of 440	3180	msedge.exe	86
PID 3180 wrote to memory of 440	3180	msedge.exe	86
PID 3180 wrote to memory of 440	3180	msedge.exe	86
PID 3180 wrote to memory of 440	3180	msedge.exe	86
PID 3180 wrote to memory of 440	3180	msedge.exe	86
PID 3180 wrote to memory of 440	3180	msedge.exe	86
PID 3180 wrote to memory of 440	3180	msedge.exe	86
PID 3180 wrote to memory of 440	3180	msedge.exe	86
PID 3180 wrote to memory of 440	3180	msedge.exe	86
PID 3180 wrote to memory of 440	3180	msedge.exe	86
PID 3180 wrote to memory of 440	3180	msedge.exe	86
PID 3180 wrote to memory of 440	3180	msedge.exe	86
PID 3180 wrote to memory of 440	3180	msedge.exe	86
PID 3180 wrote to memory of 440	3180	msedge.exe	86
PID 3180 wrote to memory of 440	3180	msedge.exe	86
PID 3180 wrote to memory of 440	3180	msedge.exe	86
PID 3180 wrote to memory of 440	3180	msedge.exe	86
PID 3180 wrote to memory of 440	3180	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d5a0b93f8cf224d5866cd63d776dac01_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a19c46f8,0x7ff8a19c4708,0x7ff8a19c4718
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,7304805129487125886,15434959044856061134,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,7304805129487125886,15434959044856061134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,7304805129487125886,15434959044856061134,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7304805129487125886,15434959044856061134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7304805129487125886,15434959044856061134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7304805129487125886,15434959044856061134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7304805129487125886,15434959044856061134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7304805129487125886,15434959044856061134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7304805129487125886,15434959044856061134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,7304805129487125886,15434959044856061134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6952 /prefetch:8
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,7304805129487125886,15434959044856061134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7304805129487125886,15434959044856061134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7304805129487125886,15434959044856061134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7304805129487125886,15434959044856061134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7304805129487125886,15434959044856061134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,7304805129487125886,15434959044856061134,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2296 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
23KB

MD5
a0423f1305547bb6b8f5a4fb1a9fc2d8

SHA1
092dcf1fe57e6bb53821eb754e04188ee70602d5

SHA256
6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8

SHA512
b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
8e0fd9986e2d29ce6692cf042b6c4029

SHA1
ba46fb38a532e1c3a0edda879803b59c0a0d5620

SHA256
d709ef4b56380d2d1ea499b7e1a343e30f172e81a74f92da4ae2442ecd4e464f

SHA512
0c897b99ac6e814ac163ea5cfee7b3b106e8d8546237872f37f821eb7f60246d60ff03d3134ecdfadeb54d78c38e165fb3ded1593be6c0a91a193c8547477a99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
5d33ea205e9afc3176105a531e91e30c

SHA1
db7848d2b7e3de03dda238c87b781f92bd1756e5

SHA256
4663e1515e8c437a05b81a1aa87785a989cf5aace185860798864b85a609237c

SHA512
9467659f9f0324214b32141033b79fc98662942789a129f83d674d802f2a3a17ac9167a2d7fadbbfef896028a5f96b67ca7e4ad206f3d41a932ec71916e3ff35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
003fd97216750ace1b28fcd16840f2c8

SHA1
c039e858564edd7b5cfed4f092ff7f1dd4c15090

SHA256
fa9ee3cc61a2f07ab2bda22b75066d54b6295794f6ecb22550ec5330213cfd66

SHA512
b48fb8d01cce0e27fa3965d8e631b23e9dc07ce9159ebca9002a758613f3f86e5ef36d8ffd4b9b13188bebab234d0570efc7cdc53fa752e80187f788bd825c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5aebe1d5d7a02f169c697fda33995134

SHA1
f955a4360e7d642bd61b6720b98b7283afcedcc7

SHA256
83eb052d929fa2fa44fba93b49cf7ce2acbd105b803abd21c45a20d314b9b847

SHA512
1eb95a1116e53d1022e3d321173789b5a6e062a54070c11dd0c7a25542c312b2c39030dd7b32218444150423f12584c33ec4637eb634ecceeda7c302ed7e971e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
42efcbbeae650d86fd2121beb0a0e437

SHA1
0a5443f7b14c75b4519e006bbd85ec9ccea0aa0d

SHA256
33eee157d0ec7b3fb351f29c2a8161a3a048846f9d1ffb61b3c955fd4ddd19fb

SHA512
bc9f16796fc87d36374e4ecd6ec9f866dad04e8def3ee042bd26dbebd08f960351ab78fda003838686d996029b196503104a325d4fe462b615e6ee65da7044e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
85b80714fa1f8e98f462e46054a13f90

SHA1
871cabaa5ecf1b265524e59893ff31f911aa2375

SHA256
f59d9e9257ee6f2d17ef5d0fa074109283a1eb2086f8e4bc64db67683ba2dcfe

SHA512
412ab502a3743d94653fbee45ff28544bf394b165a0e1473a846ff5bba27a826478315f0a9eb2f32d89916ba646203ef0737d9b6dcbefff24ee09bd4c871beb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5531f7724424159915a32ac551481cb2

SHA1
0a5e67e4193421efc092137d4f9a80e34331e1ef

SHA256
fbdef2bdde94a1199204760fac8b5538ea5dec766f646b6e8e8fd944f12a7531

SHA512
60efd0ed9354bd7492564ff354d4f3a467a4b7a94b0e59fd285b2e41daee96f493962629265edddf91561240da35ba76228bcf28ec744e27665d7de9c510c6be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5ed969a3c828e38bf4c67366d205bb40

SHA1
03f9440ab7f5fb1d7c4a7720df4c4f450d2aee7e

SHA256
4dd490c780c6a81ab51fed32e376835454848d7907461276dc22c9e1473cf75e

SHA512
7a73c4d9c130c1a096d9cec0792d284e201a1e2a4fd23bd6d94b97ec39a24a3076b7d611ad5d70e757044658563ac41a2eba276731d87536abfc7b11edaa0795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bde6894384f9e1ad28255d24d881c899

SHA1
96ececc2e509eb10676c0ec3da53e90bfe4dbdd0

SHA256
b60c92f8e7e63991e2b56a3d287a2ac6f548aee891af89afe7ce6e31a8813291

SHA512
ccecb12aa58b629a8752ae77cfd2109a3f097ed59fa2db9df3b57893eae891483ce09e8d82f91c75c57e9b8758ea8b7dc6565b82a6924a74f19eb270444fdb12

Download Submit