737d1a87b2fc4044128328e75bf7451dc536fd4b9fe898cb25019efc34a3787e

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 13:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2f56997e774dd69405918788d1de3170_JaffaCakes118.html
Size

29KB
MD5

2f56997e774dd69405918788d1de3170
SHA1

bf70bf27b82cf285a9b6bd3ce27ec27b416debfb
SHA256

737d1a87b2fc4044128328e75bf7451dc536fd4b9fe898cb25019efc34a3787e
SHA512

3ae102ad0167c643f439c11f68a8ad7ca9cfe18f2aaaed5d31407b5442b083802e4c57d6e43fe99af41017a1933e6341bd028678a6ad12e2c16865094790e316
SSDEEP

384:SJqIxI0RhwYiVXe2thpc7S9DZniRkThGDOBdxQEZz7aSaaefGUGky04PyMzgsb+a:SJqIEHniRkTg4daiuSgsb+/y

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3964	msedge.exe
3964	msedge.exe
1632	msedge.exe
1632	msedge.exe
4896	identity_helper.exe
4896	identity_helper.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 4656	1632	msedge.exe	84
PID 1632 wrote to memory of 4656	1632	msedge.exe	84
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3588	1632	msedge.exe	85
PID 1632 wrote to memory of 3964	1632	msedge.exe	86
PID 1632 wrote to memory of 3964	1632	msedge.exe	86
PID 1632 wrote to memory of 1928	1632	msedge.exe	87
PID 1632 wrote to memory of 1928	1632	msedge.exe	87
PID 1632 wrote to memory of 1928	1632	msedge.exe	87
PID 1632 wrote to memory of 1928	1632	msedge.exe	87
PID 1632 wrote to memory of 1928	1632	msedge.exe	87
PID 1632 wrote to memory of 1928	1632	msedge.exe	87
PID 1632 wrote to memory of 1928	1632	msedge.exe	87
PID 1632 wrote to memory of 1928	1632	msedge.exe	87
PID 1632 wrote to memory of 1928	1632	msedge.exe	87
PID 1632 wrote to memory of 1928	1632	msedge.exe	87
PID 1632 wrote to memory of 1928	1632	msedge.exe	87
PID 1632 wrote to memory of 1928	1632	msedge.exe	87
PID 1632 wrote to memory of 1928	1632	msedge.exe	87
PID 1632 wrote to memory of 1928	1632	msedge.exe	87
PID 1632 wrote to memory of 1928	1632	msedge.exe	87
PID 1632 wrote to memory of 1928	1632	msedge.exe	87
PID 1632 wrote to memory of 1928	1632	msedge.exe	87
PID 1632 wrote to memory of 1928	1632	msedge.exe	87
PID 1632 wrote to memory of 1928	1632	msedge.exe	87
PID 1632 wrote to memory of 1928	1632	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f56997e774dd69405918788d1de3170_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1b9846f8,0x7fff1b984708,0x7fff1b984718
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,12693784814116120803,6032342356554921015,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,12693784814116120803,6032342356554921015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,12693784814116120803,6032342356554921015,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12693784814116120803,6032342356554921015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12693784814116120803,6032342356554921015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12693784814116120803,6032342356554921015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12693784814116120803,6032342356554921015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12693784814116120803,6032342356554921015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,12693784814116120803,6032342356554921015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,12693784814116120803,6032342356554921015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12693784814116120803,6032342356554921015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12693784814116120803,6032342356554921015,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12693784814116120803,6032342356554921015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12693784814116120803,6032342356554921015,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,12693784814116120803,6032342356554921015,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
c3cd59eba89e1b8e0e3bc9c5698ef899

SHA1
e56c8064c91272c2df10a6fde7d80884fb03d9c2

SHA256
9aa568f09911eb132fdf331871314cfac9130d34f0172f95c88a65b1a4edd6e5

SHA512
a0c312c592e1cf0757f0a91fd0fb88c4b358506e982440a5310a47b8a406715e55e05db84310e7a789fe986c590f2d82deb5af6808220ec00e1ea899d5f2b945

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
3c39c17029597fbc8d93f3ecd6476dce

SHA1
18554ab1913a73abaa2ce8f09db166f3361a861c

SHA256
866bd9567f75bb1fedc35a3f2235dcf7559655d6b07ab0b985cefbe941b6d565

SHA512
181657d1b24fac2213fcc544da8aa387324baaf4e24c09a55ab431a9345bad9ac946686199929c3742f2cbb95a7dd103222bb62a30b0d445e38dc72a8a43c07c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4d0320ec3e94c166fb429812027b79ff

SHA1
7c8dfb42b89d1332a84ad32dd6e2753784c34fb3

SHA256
182ec97cae7674a174cefe3d875ac89d1a1cb585aa0ea267920f4464d8e82532

SHA512
2569c425c20f8f8519770389dc70dcb146fc05c14786d8bf76b152df6891902a070159dae007a858d428ad26755ecbf400901bc74cd9fa97494c4dba84bc2f03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e963f7d0601a8456be5e1fad06dfd589

SHA1
cf7bfba91a1413dc2b6283a968e87532ae691c49

SHA256
eb3df47f0eab1ac47eec1c40d34eb50d74f695b679ec0890ab5076910c25676e

SHA512
c19e0089cfc632cc1bb2994aba412fe6416aa6ff3a2b6686a3a733ae998e86e028b283e12264a4ea1139c97220cd26ca4561a659248a09aa96211b78dbc83e89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8b7968664945a5b977beba8d41756d97

SHA1
6dac35dd1857ef9cf1da853b60fa877e33a42dd0

SHA256
13504093e7d4fc9d06ac97fdcf8fc363fd1b256f12cbbaab0f1178b3299fd202

SHA512
1dec30781d7a282bad1961f2df969159db43838c3d2cb8f2b44a66fc9149b29d0b89d9ba8dfa566e7b5fa0f0f2b58e7539adf006a0282da61e63a2675ca7b8f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6c6ca4224670f4271cc4051aa4966f28

SHA1
efb2739aaf5bcfb0b5a2ebb9304dfea8df10f8bb

SHA256
309fa74bea9dc7bf19272a7659476019636a6f97d83a17b124ced553e32626c1

SHA512
3bc2d33466b4fbb876e9bd9309e88cc8d5b0e4a0653067adc5311999da9fae0be4f9d6bcaa4ff04673975856ba8ff2c32b185c9779eed3669030314f7b8c43a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
24574d77faa803c219331a97c7390813

SHA1
deeeaa7e54ce7071f0e2b8fb1c1edba68d3e1117

SHA256
425aeaf51b3809d7a060747b320ba3cd38aa5b1234169f8f4f14d848b25610aa

SHA512
eb535b8c3e8173a82c6f53003e4504fd15a97ce6e4d06016d6d5ea834612d45aa4f61baa869d824bc1fbc2802a3fefaf65dcdc5e247a6bdcdcb9ed8d8d7d97f6

Download Submit