b7e386146a90c98e32708d4cb3cf1c83199345f8ac25afa3d2f7f460b078265b

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30-04-2024 17:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a446aecefad2a55385529747407e5eb_JaffaCakes118.html
Size

175KB
MD5

0a446aecefad2a55385529747407e5eb
SHA1

5a00de462bdbf29973b35e3e6c552dab89c6ed3c
SHA256

b7e386146a90c98e32708d4cb3cf1c83199345f8ac25afa3d2f7f460b078265b
SHA512

5d40358734def9c6e49d26f89630cb0eb02130f01393476fa382d2e9a7f4df631ac0f6543ba6fd982efd1f9222f9d8e850115f00bb54b8f4719dfe1d96623826
SSDEEP

1536:Sqtz8hd8Wu8pI8Cd8hd8dQg0H//3oS3cGNkFzYfBCJisU+aeTH+WK/Lf1/hmnVSV:SOoT3c/FKBCJiSm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
544	msedge.exe
544	msedge.exe
2084	msedge.exe
2084	msedge.exe
640	identity_helper.exe
640	identity_helper.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 1468	2084	msedge.exe	81
PID 2084 wrote to memory of 1468	2084	msedge.exe	81
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 3352	2084	msedge.exe	83
PID 2084 wrote to memory of 544	2084	msedge.exe	84
PID 2084 wrote to memory of 544	2084	msedge.exe	84
PID 2084 wrote to memory of 4452	2084	msedge.exe	85
PID 2084 wrote to memory of 4452	2084	msedge.exe	85
PID 2084 wrote to memory of 4452	2084	msedge.exe	85
PID 2084 wrote to memory of 4452	2084	msedge.exe	85
PID 2084 wrote to memory of 4452	2084	msedge.exe	85
PID 2084 wrote to memory of 4452	2084	msedge.exe	85
PID 2084 wrote to memory of 4452	2084	msedge.exe	85
PID 2084 wrote to memory of 4452	2084	msedge.exe	85
PID 2084 wrote to memory of 4452	2084	msedge.exe	85
PID 2084 wrote to memory of 4452	2084	msedge.exe	85
PID 2084 wrote to memory of 4452	2084	msedge.exe	85
PID 2084 wrote to memory of 4452	2084	msedge.exe	85
PID 2084 wrote to memory of 4452	2084	msedge.exe	85
PID 2084 wrote to memory of 4452	2084	msedge.exe	85
PID 2084 wrote to memory of 4452	2084	msedge.exe	85
PID 2084 wrote to memory of 4452	2084	msedge.exe	85
PID 2084 wrote to memory of 4452	2084	msedge.exe	85
PID 2084 wrote to memory of 4452	2084	msedge.exe	85
PID 2084 wrote to memory of 4452	2084	msedge.exe	85
PID 2084 wrote to memory of 4452	2084	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0a446aecefad2a55385529747407e5eb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80c8546f8,0x7ff80c854708,0x7ff80c854718
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,13558110448175277203,9885327612075921605,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,13558110448175277203,9885327612075921605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,13558110448175277203,9885327612075921605,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13558110448175277203,9885327612075921605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13558110448175277203,9885327612075921605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13558110448175277203,9885327612075921605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13558110448175277203,9885327612075921605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13558110448175277203,9885327612075921605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13558110448175277203,9885327612075921605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,13558110448175277203,9885327612075921605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,13558110448175277203,9885327612075921605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13558110448175277203,9885327612075921605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13558110448175277203,9885327612075921605,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13558110448175277203,9885327612075921605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13558110448175277203,9885327612075921605,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,13558110448175277203,9885327612075921605,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
17KB

MD5
f682c4cace1718122c40a8dfec86aaf6

SHA1
985fa367f59ffbf2a0a12f45dba790658647b8a1

SHA256
b05ca8bb7a7019d6a39e55e7f5189aa96ce8c3169f8fa49999d0d17d40df1baf

SHA512
1785cc832db635bd4aed2ba57f04fe36ba34feb279a48c80ec08592a2f6c6293068b238a9e6dc7da6890e408eac49f22fa5e3292f209ea3d0e78608501f5c73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
46KB

MD5
b322e56a86b24d52ba6c2a10614ce78e

SHA1
9a990a198453af55e2c86f8a85ef6eebcb296f4a

SHA256
3df48c3c951cd9bde194b92d644cb82eacb0ea91d01761fbafb645c4462b816e

SHA512
0aa6f828d3a3472325651075887379ad159c348c4399b10e0c3b2556d52f879e1f57b4e8a80c77c1845653d0fa50c8b228c5ac684ca70b79b98c245e4d38ebe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
b8f502f1621fbd4a2d8ccf92eaf84dbe

SHA1
d2de2f061fef5b62bd91c434b02374f1bee93ad3

SHA256
16c838617870bba5777f38a9732fc2caca93d60dee5caaabbf04f34bd706c840

SHA512
2b4c82bc2f298609a113f72c0279fff85afbee7c754f8931efe3fac39511cc4661fa13522b25609804cdebd80204d008687d5c3731f557f2493d78ea4b1b803b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3a14320384673dec357df1b1a5c1dc17

SHA1
25d4e27572b2143b78b05bd9acd7431a4e12c2b6

SHA256
29c469ac4f197381a69e2c4b16c7aad65fcacf9a1f23f6d399535e42833f09eb

SHA512
f215a2afdde4802a17d733a76df0f1b9afcd80859e1a4469e877721a6a8f554d2652142fe7690f38265c0b04277092db436c87483bdeb99ca0470d67723d6acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9a7f33c64bbb4f8be71a83752f712612

SHA1
fc02c18d45f66edd32b65af031c302f977433115

SHA256
bd940a63e514d29c2f229cc48f3e0b920cbcc6b0fbaa81831befa71b3b13b223

SHA512
4c611872154577b0ae35f43dfe3a7970c665e5b8e8dff6d96e7a5bcdea13c8be3370d1874c6a7ec8e2c4246bfe7221af2c918eaeaab8300c8b6178a9b7033cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e1b3699f63f9c375124ad571aca4bf8

SHA1
826d08344651dc72412c9f236076bc1b44d5a745

SHA256
f74cdad5aea850d98cb6ae4509e323203156598754325d5be61a13991bf35959

SHA512
7db2ff76dd801847201d23b8a7f56cadc95dba86cb67165ee049a64f975489da9c91db55971a22764dec3bce22e633dc768bed64165ae7f26ad41641d34359c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7ab6d5d222b7d7d755803fc07e5b627b

SHA1
cc5c7fb39fcda48789669daf530d60d8a53af3a0

SHA256
932264e9e6dd88db5610f07b6ef6ca7c7bcc071ef026b0bc45dcd1f83345f44b

SHA512
9bc2f6937e7251f0553d1d5569f640ddc1225d1fb298e4a63053c8e2376ce9d7910d8d48662074a95e612a05963baa0cdde167d43876dd8fc9b44569a276b895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0b57bb372e6fbeee6ebf34c5dda6a014

SHA1
1ffd513cffd6b79155e8ac0aa360c1b8169853d0

SHA256
9b64271690a6fc6130e1fd228ad2249aaa0552e0138217f1b2a6cf62183d6d82

SHA512
2a2da4ab354dd39fbd404c1c55e4eeef61f0f11972e037056ce85e5ef5d199a79044a541d5a38e4ac602d58dcb30d2a3a355bc1a134e85e8fab55751176d5ee2

Download Submit