687590db9e400a8d8fbdb6d87337945de26ebdc129e14b0871a55d8b414f1da3

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2024, 21:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e8784a49369f0283b8ee8f12d81a6758_JaffaCakes118.html
Size

55KB
MD5

e8784a49369f0283b8ee8f12d81a6758
SHA1

6b9d14fce89fc2f3667b36920062a53b6cb61f71
SHA256

687590db9e400a8d8fbdb6d87337945de26ebdc129e14b0871a55d8b414f1da3
SHA512

a16c18a703dea302023f82d33b3869971369c6648b2abf5b20654ef79324b45aba9a856f17f6a4275e91d3e6265bb390be3758cac6ff2f74b9597a9fa8f46380
SSDEEP

1536:uRRT9rCX7CeHAKsPbQJ1CPMeBrVjTRvRb8FFUUa2zArQJt:uRx9rCX7CeTsPbQJMPMQRZcFjcra

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4204	msedge.exe
4204	msedge.exe
1456	msedge.exe
1456	msedge.exe
4832	identity_helper.exe
4832	identity_helper.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 3048	1456	msedge.exe	85
PID 1456 wrote to memory of 3048	1456	msedge.exe	85
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4448	1456	msedge.exe	86
PID 1456 wrote to memory of 4204	1456	msedge.exe	87
PID 1456 wrote to memory of 4204	1456	msedge.exe	87
PID 1456 wrote to memory of 3200	1456	msedge.exe	88
PID 1456 wrote to memory of 3200	1456	msedge.exe	88
PID 1456 wrote to memory of 3200	1456	msedge.exe	88
PID 1456 wrote to memory of 3200	1456	msedge.exe	88
PID 1456 wrote to memory of 3200	1456	msedge.exe	88
PID 1456 wrote to memory of 3200	1456	msedge.exe	88
PID 1456 wrote to memory of 3200	1456	msedge.exe	88
PID 1456 wrote to memory of 3200	1456	msedge.exe	88
PID 1456 wrote to memory of 3200	1456	msedge.exe	88
PID 1456 wrote to memory of 3200	1456	msedge.exe	88
PID 1456 wrote to memory of 3200	1456	msedge.exe	88
PID 1456 wrote to memory of 3200	1456	msedge.exe	88
PID 1456 wrote to memory of 3200	1456	msedge.exe	88
PID 1456 wrote to memory of 3200	1456	msedge.exe	88
PID 1456 wrote to memory of 3200	1456	msedge.exe	88
PID 1456 wrote to memory of 3200	1456	msedge.exe	88
PID 1456 wrote to memory of 3200	1456	msedge.exe	88
PID 1456 wrote to memory of 3200	1456	msedge.exe	88
PID 1456 wrote to memory of 3200	1456	msedge.exe	88
PID 1456 wrote to memory of 3200	1456	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e8784a49369f0283b8ee8f12d81a6758_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffb0c946f8,0x7fffb0c94708,0x7fffb0c94718
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,14572754129644935612,17687924449593827876,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 /prefetch:2
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2272,14572754129644935612,17687924449593827876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2272,14572754129644935612,17687924449593827876,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14572754129644935612,17687924449593827876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14572754129644935612,17687924449593827876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14572754129644935612,17687924449593827876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14572754129644935612,17687924449593827876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,14572754129644935612,17687924449593827876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,14572754129644935612,17687924449593827876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14572754129644935612,17687924449593827876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14572754129644935612,17687924449593827876,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14572754129644935612,17687924449593827876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14572754129644935612,17687924449593827876,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,14572754129644935612,17687924449593827876,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
22KB

MD5
79e675d72bdce45fbc43984cca5b1e11

SHA1
498bd777fdf8d09e6508262fbf04f2f7b4fa46b3

SHA256
60cc64beb4a9047b98408732d4ff65fbd4dfcc9430453436e72c3e0ab57d085f

SHA512
760c8fd2c43f6696b8f20f0e475d68c45a650566dc8bd8d719d4f64652c82b20f7cb37bde18af8c7a5226bb7c21faa0629119a8e46fa768a046a62ee290da889

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
fa0f2613beaef5fae186084aeb125d4a

SHA1
f3a1cd3e9a9054b073a1b18fd0b64fec126b757a

SHA256
9412779038be62a7f37e1b7dcf3767b409cccf724f544ff2bbac2fe6a83b7852

SHA512
1f424765884ae3ebd538bd7da79ea942b6c38512a4818907cb4a0c80a0273866f91f31fa3b22ef927125b1fd3a4b6850147d226fad870aad163254a7d7be8797

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
8f6bea056ed2e21692a5c037b2099e34

SHA1
5cf759c8cda35dfc06cc6c46729b4e0fa465ab40

SHA256
ce7e649b85e42c9211af8764325bb11422644f9b55961d0daa431ec6edf1477d

SHA512
a653f3980e8b72a973f66cd273191f1996bf3a224f2ca9facc9698fe244e146680f39c4cbca8b9c4b4bfda056efca3f1475fe3da072208aca4c54ed21d395afd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
097c00a2e5e3edc23595858f2f9f9b44

SHA1
5f7a7ba2a6b30d288e7e113a7dabcee6cb0be5f3

SHA256
88e6cbd84536e2026761e922a1486462d53b2ba853663b5abf5230c1c822a870

SHA512
fc6bf84a5cfcad2695f41e339e6506de07841a48b20c5b7acdd7865e464347a4a1b932afff625dfc950fbed47641e407106b516163089cedd7ae03576af52eb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0031e3abc734a7d3a031ccf31b4276a0

SHA1
f2bfb07113da150434987e6a4ce61b2c7494a248

SHA256
223c891c1a0a94d9f30b00b37c353bf277d929c05831809d2b0b817292edd690

SHA512
37ea6a972a74301b14265fd86e4ad1615b98dfaf4c9e5c43622aebf4078a7482c41e778df04c77c1a5e5f2d68edb979b57ccee3506ce36a3a2f02c2b93ca28d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bad03d474e3463245cb1fce8b2e551fd

SHA1
51c7954ba2ecad37efc49dcd5595d5b7bb8ff3cd

SHA256
384692bc89c3f2ae3b7ddd4e96deb24e9d2d329898ed3f6e6ad796c3ba21d9c3

SHA512
91802320899b43a43ddd4371096a9a22b57bf69002886ff55388f0b1a3ec204973fb451992423e34032e66d4af7c7bd4d58fada3bbe29c4984ac31ede8005e97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a357c5a1f3bcd1817f4b18f13ad0f490

SHA1
4b92b81b0ec8999d8bd69de6afb73c5dd259b3ca

SHA256
fda8121afee20b501e301eeff1000256d0bf1cdd1b68621d588fe54632fba86d

SHA512
ea9c3b2fa7a0796bd46d9c6a9ec1c983c73000cb0a8a81146be716054e9d3c8cf1599b53692e62f1ea16dada6617fb1287c9c23d0327a601e9e55bc324dd84d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3849a25e5261d6573fa165aeebd7c5a4

SHA1
9cd77b3e66d20c2620a75727a9afea0463cbc437

SHA256
a7ee5c8bcfc05dcca40124863ef82eeb68e2528da842fec6b964ae88a1842944

SHA512
08f5977d58c78a8819529a77fc56a258220ef4d1bc3cc686bba6e0db1539dc909eadc5e4749c131a1f3f69ef2a42e652476abb2ad116c5b9b367a9e8d6d729cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
107a47c2f1a810eaef38d9b79ca8fa53

SHA1
1d8a436ea2be472147c673a60509fedc6e6836c0

SHA256
b102a4074069930ebc0a8f73d5fec5434c477e2485c5139d92af966e49d92d9b

SHA512
96067e6b6a5fec4571375bb16086464fd64fc6d471a732f1d98fec7fbd39eaccaf5c148c7615a499e7846d3295660ad240fc40dafe7d2ea7d27d325408d47c51

Download Submit