953d2761d761aaf3ef13817dee7f3e4e53aacd4fadedc3709172332161448f89

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-10-2024 14:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

835267e451494c84d70d5fbc360061d5_JaffaCakes118.html
Size

80KB
MD5

835267e451494c84d70d5fbc360061d5
SHA1

d992a5e575d180298115d26ccbad2823bfc07b44
SHA256

953d2761d761aaf3ef13817dee7f3e4e53aacd4fadedc3709172332161448f89
SHA512

a62860a094b1005f601dfc96b57b29d064b2079ba18b744dd700a85c57b7ea5bff4e5550de9549419debae86ab2a7a1ec8384ce887420ad6717c7c061faa011e
SSDEEP

1536:Y1xS6Ob+xC1a79gIf9B5AEV+e2lsxx4VndcqCm1u6luW3O0dq5:t6OSxKa79j9bAC+e2lscVnuqpu6l6

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3868	msedge.exe
3868	msedge.exe
1124	msedge.exe
1124	msedge.exe
4656	identity_helper.exe
4656	identity_helper.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1124 wrote to memory of 4552	1124	msedge.exe	85
PID 1124 wrote to memory of 4552	1124	msedge.exe	85
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3508	1124	msedge.exe	86
PID 1124 wrote to memory of 3868	1124	msedge.exe	87
PID 1124 wrote to memory of 3868	1124	msedge.exe	87
PID 1124 wrote to memory of 684	1124	msedge.exe	88
PID 1124 wrote to memory of 684	1124	msedge.exe	88
PID 1124 wrote to memory of 684	1124	msedge.exe	88
PID 1124 wrote to memory of 684	1124	msedge.exe	88
PID 1124 wrote to memory of 684	1124	msedge.exe	88
PID 1124 wrote to memory of 684	1124	msedge.exe	88
PID 1124 wrote to memory of 684	1124	msedge.exe	88
PID 1124 wrote to memory of 684	1124	msedge.exe	88
PID 1124 wrote to memory of 684	1124	msedge.exe	88
PID 1124 wrote to memory of 684	1124	msedge.exe	88
PID 1124 wrote to memory of 684	1124	msedge.exe	88
PID 1124 wrote to memory of 684	1124	msedge.exe	88
PID 1124 wrote to memory of 684	1124	msedge.exe	88
PID 1124 wrote to memory of 684	1124	msedge.exe	88
PID 1124 wrote to memory of 684	1124	msedge.exe	88
PID 1124 wrote to memory of 684	1124	msedge.exe	88
PID 1124 wrote to memory of 684	1124	msedge.exe	88
PID 1124 wrote to memory of 684	1124	msedge.exe	88
PID 1124 wrote to memory of 684	1124	msedge.exe	88
PID 1124 wrote to memory of 684	1124	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\835267e451494c84d70d5fbc360061d5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff003946f8,0x7fff00394708,0x7fff00394718
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,12551982912494132793,4703663244864446793,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,12551982912494132793,4703663244864446793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,12551982912494132793,4703663244864446793,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12551982912494132793,4703663244864446793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12551982912494132793,4703663244864446793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12551982912494132793,4703663244864446793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12551982912494132793,4703663244864446793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12551982912494132793,4703663244864446793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,12551982912494132793,4703663244864446793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3204 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,12551982912494132793,4703663244864446793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12551982912494132793,4703663244864446793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12551982912494132793,4703663244864446793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12551982912494132793,4703663244864446793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12551982912494132793,4703663244864446793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,12551982912494132793,4703663244864446793,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5892 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
42KB

MD5
101f2295c59a6c129b95bb68093aed06

SHA1
12f5843daaf99bdb874dfebaf10660c54ede2120

SHA256
9b59525954d9da17ff56cac0c0cda55bb6c4df6b7550fe68565fe0d24a963ac7

SHA512
f5e54b7609a1884253f1d05d9245def95b3721e1163ddabb6d32f5b31f824a218c60533eef25a6f91d8ae6fa314128ae258fdc341cf9a4f36bf378e874b5277f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
c45f1ca45635d64fde5649c83822a672

SHA1
0c713b1bb6f6158e807560e2a79991054f7b249b

SHA256
8c29bcd0a5ba8ec32dfb52a5b32be088664c61a09f60f645aeca16e03081e79b

SHA512
864c79c7f5f19374cd17e65ccae7a7a98ba10d7f6ed3fd4708dba5f9b9387094daef7ca1f0250d95bd2d429e214a96d576a4a7aee40174151ad7ab326595c920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1653c1de1aae67a7120fed8d07a54edb

SHA1
3903dad0d3ef3062d8e91e74dc02593d777c194e

SHA256
0b03ffacf35a9ab67a4754646804e171b7bcd4424164b86eb0a3fe3ecc13d043

SHA512
b8bea83cf2035d909626d1a1ca2455e7ca473b6bbcdcdfe23680ee04dccb01ea52eb3a190de6413be702e8478532639f5a5a47b459878a39be39247a46480958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
003a49af26a221e829726e5152815438

SHA1
b1fc792e9127144e0fc305a92579e23b8a85a542

SHA256
77d5776daaca5e9111e921b53b37fe2ab0b5370134b60b597c125bec222a6c03

SHA512
7f241428202c4ce316cad87d3286e9e8ea6e132726908512cbf43a4151ea6c46b9497b3f5b3dd389d3f35a1d30644486fe52b7196982d1801284c9507f1181f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
00ab30692a922f291c50d1d507094a17

SHA1
76b21d500cde58da12ec26e0b4676ff9769923ad

SHA256
34b9a1df674e38b33ab2edce7b5b48600d91aaa337411dd6d6b2e258566cf5dd

SHA512
59f787baaa690c5e34c42ebe16d8e51e9e544b3ae6d4a76785ad91c6544bd63ccecbedd5cc850ff205149546d6efe9d97b5cb22505ebf2d471769bc7f3a2c63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a6b7e1ab262cbf53c6958055f35f3b14

SHA1
959c2e0535090ed092bb106d528ca1884ba1bca5

SHA256
f20937a97d4c7d422dc7bb22380336a28c5be94d8c844b04ff447bda6da91b56

SHA512
ca7deab174bf3beb987ddbb2901301e564f3f054c14cbc1688bfc40154e9562bfec11c89515387adff84537ea412f2fdf9e1c7d12ac7f9c856612c25e3e9cedb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ec3761d47afbe115646c3533ec5788ef

SHA1
f0cd5a30d151d5891231377afae6678ee98a2f0a

SHA256
baa0d9af8771c84e53c7207ab52ae9f633c18cbd03c14c57840f99487881cb8d

SHA512
ba0f599b3cbe35b3c3ed80b63d223c1618630a9879612aea0c03e37afaa7aedb230011de9b9ede29c729e08bf4c722ba458c19dfb2cbaa036e91978bf087f8de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dac0f521b32983fd8ab76e21163fd9f5

SHA1
13fdf24321a4ec4c651d83bead2984d7b9b13170

SHA256
96c9ab7f700a40d1505bc990c037c5d8458bf494c5fc4ca959bb3f17d1b798c3

SHA512
81c9a490c682fdab76691f1c28fa593927eee31816bd1732621758b7749e6b99e55b176b4d9c993207de816518b33a93ff9ce1521f5ac3a73473914acba73720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
be65385772bf1fc49fb747ded8555401

SHA1
525ffc8dee78a199d844391b703afc3d75f0e95c

SHA256
becf8643c61dd241bf25adbddc911648484070060604f328c72bb8e3fc1ca23f

SHA512
2ab6ab6f164935f60b0d8e9167952d880280185f576a5bb1d61a5d3bf8545eaa3a82508b7d5839c82d478fc9773a533bd9a101bd8ee7ef1c614211232cde852c

Download Submit