79430d97ca84e6d59ed10a01c150c67624cb2ee4827072ac8e723e1d33abaff9

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 10:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

205949d73753a62af1d6489a7087e73a_JaffaCakes118.html
Size

40KB
MD5

205949d73753a62af1d6489a7087e73a
SHA1

62b84f9af436cf617cac96f8ddd95c6c7a5b9ead
SHA256

79430d97ca84e6d59ed10a01c150c67624cb2ee4827072ac8e723e1d33abaff9
SHA512

957104ab98e99c58b9876d185450fa3c944c1eb228edacb038c23be088bfee5ae1fdca3fc5f2b099723dd6779055fee7089acb25b5ad260e521c53d623c50846
SSDEEP

768:DayHHvPWlJXbHFJMjui98raxC/HzBlkjHYlEupSn:D3HH2lJXbHFJMai98rp0Yle

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1528	msedge.exe
1528	msedge.exe
392	msedge.exe
392	msedge.exe
3988	identity_helper.exe
3988	identity_helper.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 392 wrote to memory of 380	392	msedge.exe	83
PID 392 wrote to memory of 380	392	msedge.exe	83
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 2792	392	msedge.exe	84
PID 392 wrote to memory of 1528	392	msedge.exe	85
PID 392 wrote to memory of 1528	392	msedge.exe	85
PID 392 wrote to memory of 1804	392	msedge.exe	86
PID 392 wrote to memory of 1804	392	msedge.exe	86
PID 392 wrote to memory of 1804	392	msedge.exe	86
PID 392 wrote to memory of 1804	392	msedge.exe	86
PID 392 wrote to memory of 1804	392	msedge.exe	86
PID 392 wrote to memory of 1804	392	msedge.exe	86
PID 392 wrote to memory of 1804	392	msedge.exe	86
PID 392 wrote to memory of 1804	392	msedge.exe	86
PID 392 wrote to memory of 1804	392	msedge.exe	86
PID 392 wrote to memory of 1804	392	msedge.exe	86
PID 392 wrote to memory of 1804	392	msedge.exe	86
PID 392 wrote to memory of 1804	392	msedge.exe	86
PID 392 wrote to memory of 1804	392	msedge.exe	86
PID 392 wrote to memory of 1804	392	msedge.exe	86
PID 392 wrote to memory of 1804	392	msedge.exe	86
PID 392 wrote to memory of 1804	392	msedge.exe	86
PID 392 wrote to memory of 1804	392	msedge.exe	86
PID 392 wrote to memory of 1804	392	msedge.exe	86
PID 392 wrote to memory of 1804	392	msedge.exe	86
PID 392 wrote to memory of 1804	392	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\205949d73753a62af1d6489a7087e73a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83f2746f8,0x7ff83f274708,0x7ff83f274718
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,17475748063537447397,8474823678996468345,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,17475748063537447397,8474823678996468345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,17475748063537447397,8474823678996468345,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17475748063537447397,8474823678996468345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17475748063537447397,8474823678996468345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17475748063537447397,8474823678996468345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17475748063537447397,8474823678996468345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17475748063537447397,8474823678996468345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17475748063537447397,8474823678996468345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,17475748063537447397,8474823678996468345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6804 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,17475748063537447397,8474823678996468345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17475748063537447397,8474823678996468345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17475748063537447397,8474823678996468345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17475748063537447397,8474823678996468345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17475748063537447397,8474823678996468345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,17475748063537447397,8474823678996468345,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1384 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
ce06ae683cba454f93a068b00a03ea83

SHA1
bc8f8d3aab9a0450b2995da0d678ad5b2a53fb83

SHA256
f24b6bff869421d7c5dc64b35b2bd75957cf8c6cfaabbc37a365fac61215da37

SHA512
39d3b0c5a0262d0b3c7afbff805da10a78c8792377b7ca9f5fa52a3aec214f4590c63eb3b88e1fa22c007d3a29fe34abc10f28560a8a261c4b873b3ba78f87cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
0aa4dbb131be8150814ada7ffcfdbfb8

SHA1
9ebd25c9390237a4e426627de0705da5021292bf

SHA256
9594d37bc9454c99d2e38a820173afbd300cb3aedc1a337e53b2e0599cb45833

SHA512
4eaef61d8f8c78cd0e37418e409a320afeba6ca52507055f13f188470811db6e41bc93e6c53559b930d054706d949f0512d368996823d5493e4218dc8f27b43e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2badd63e0890e7aa2ec48ed6b746f202

SHA1
2840c6932ec2dff69dad359b72e4676696683cf6

SHA256
6525ae4d193e8b5f052364c630b14f13b2a43deb5329e46361dcef3aa7b51784

SHA512
a5555d232312127355de562532694dcebb5fb9fe5256e1096201f482afffb4458270690cd01903d9c1cf20162d4763cca928dba6082046ff4281220af4ec6a18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1e3e89f17eda8e8f99c290b52d4114d9

SHA1
7ac99a31af0fff849767e2ed3783e75b5ae98304

SHA256
f33c7419a1b69c588a726705e402e8a28091370022f180eb8520cda5a01c9328

SHA512
35614fa422a02fda59ef48b78fac0bbf648e6d6701a657293c8937e8f7e60627340426b228ad6298f0caabe573a0ee5c743a4742212979a3a1b6f3dba7659b3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d2b0ce49eacbcfc4641141a39b09b039

SHA1
9d8c7766641795e1f4df84c094d26c3ac19d9598

SHA256
ab21a7f553ca46fd921f93dc792db29098b1558f2fa52beb71e6ff2b09cf3e01

SHA512
722a4e39a71139d75a9df921bb7702cc7031e364c74159c59bbccee21950c39e9cadf8171f1ed8c2af31dbbef40df99525bb0c57b4546cbb00d7605ec7695677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93f74b52b6dc37c4b6b9fe083d1a62a1

SHA1
b36f1639563c0d84e5a6ac388138bd74a39ae554

SHA256
153a69f83c2e4fb872d7573af7ec92fd15d4e4ec350a59c6bc80a18002cbb177

SHA512
30a51d90b222b155f5916a148a4feb698f52381647f0664389ad7af2dbc04cb1c6ca4d7512d53ef9c6b1de68c72bd6fc99e5ee24f9b50627fbd13fadd325b2ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
81a3dc5f13f567c9238c35ae1615b429

SHA1
508df05ca84cd852c699c2a6d50b2964edcdb29a

SHA256
6adf41959c1d97a6a9ef9309215ed848a4bf3db449e5454768639db5b6dfc782

SHA512
4778bc783039878a98d7539ff9a6ffc1c61af852fb0490f797c9f9586c717e249d111863964311511a14c3c8a405ac4daff801934022066b2e7c5f5bfb0e3ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e4ba81f5-bb54-44fc-ab37-a53b71805fb9.tmp

Filesize
1KB

MD5
6f83aceb53b6671d53910733c8a9153f

SHA1
eecd48069d7f0f70229ebed5a94d2c93fe1c8e43

SHA256
c64b61f44e92d593bee859b69deabf8378909287fd2a4ee0b7775a12cad249b0

SHA512
b4478e4313e973d12ef63c92c7c1097de1864cf66700419351f313d84cf3ef3f2846ce82c1ba70a8edda02c0847bee87f4a1ec77fa778fb4ab8137ddab67b4ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6fcd94cde5d7db28874cc90635508f45

SHA1
59c533a345fddf2401f3c7673845de8ef4668c1d

SHA256
7b5fd9d75587f47cd096268e7a6355c27dcbf8ae8e2d3a41e8df63664c4ed689

SHA512
f301a10639fc54781087523074b29cc5937f0213392a0d101d5b9eb8e312e95f1735d23862644d1979eb568c676dfbce3f02d7e3b9142fc1fc35f28ed9905555

Download Submit