616dd395c339e9968f69cc00625ea90ac3b8450506fc0280f9e200634aa10a06

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2fb864a790ef72ee3a623263faecb0a8_JaffaCakes118.html
Size

57KB
MD5

2fb864a790ef72ee3a623263faecb0a8
SHA1

47f825d2b19a809af22494d002e3fabb3bef8bbb
SHA256

616dd395c339e9968f69cc00625ea90ac3b8450506fc0280f9e200634aa10a06
SHA512

94bc30e86a08c1bce219da55361ef9c1ae3e6faf89e0db2617f1ab51eb715a46065fe708c37ff285b2697d0631de4b3887db3ba28957302b8d60572b03146923
SSDEEP

768:bgOriWNcaSoagGjxqzat8Yn/+UIr9ssZ77tDwUJVc2Si4:s/Vxq/YnmssZbJVU

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3252	msedge.exe
3252	msedge.exe
4356	msedge.exe
4356	msedge.exe
1844	identity_helper.exe
1844	identity_helper.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4356 wrote to memory of 3660	4356	msedge.exe	83
PID 4356 wrote to memory of 3660	4356	msedge.exe	83
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 4484	4356	msedge.exe	84
PID 4356 wrote to memory of 3252	4356	msedge.exe	85
PID 4356 wrote to memory of 3252	4356	msedge.exe	85
PID 4356 wrote to memory of 2164	4356	msedge.exe	86
PID 4356 wrote to memory of 2164	4356	msedge.exe	86
PID 4356 wrote to memory of 2164	4356	msedge.exe	86
PID 4356 wrote to memory of 2164	4356	msedge.exe	86
PID 4356 wrote to memory of 2164	4356	msedge.exe	86
PID 4356 wrote to memory of 2164	4356	msedge.exe	86
PID 4356 wrote to memory of 2164	4356	msedge.exe	86
PID 4356 wrote to memory of 2164	4356	msedge.exe	86
PID 4356 wrote to memory of 2164	4356	msedge.exe	86
PID 4356 wrote to memory of 2164	4356	msedge.exe	86
PID 4356 wrote to memory of 2164	4356	msedge.exe	86
PID 4356 wrote to memory of 2164	4356	msedge.exe	86
PID 4356 wrote to memory of 2164	4356	msedge.exe	86
PID 4356 wrote to memory of 2164	4356	msedge.exe	86
PID 4356 wrote to memory of 2164	4356	msedge.exe	86
PID 4356 wrote to memory of 2164	4356	msedge.exe	86
PID 4356 wrote to memory of 2164	4356	msedge.exe	86
PID 4356 wrote to memory of 2164	4356	msedge.exe	86
PID 4356 wrote to memory of 2164	4356	msedge.exe	86
PID 4356 wrote to memory of 2164	4356	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2fb864a790ef72ee3a623263faecb0a8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc274646f8,0x7ffc27464708,0x7ffc27464718
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6126589698196065479,11625180883743003193,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,6126589698196065479,11625180883743003193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,6126589698196065479,11625180883743003193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6126589698196065479,11625180883743003193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6126589698196065479,11625180883743003193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6126589698196065479,11625180883743003193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6126589698196065479,11625180883743003193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6126589698196065479,11625180883743003193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6126589698196065479,11625180883743003193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,6126589698196065479,11625180883743003193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7092 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,6126589698196065479,11625180883743003193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7092 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6126589698196065479,11625180883743003193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6126589698196065479,11625180883743003193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6126589698196065479,11625180883743003193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6126589698196065479,11625180883743003193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6126589698196065479,11625180883743003193,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5428 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
9b1081d1d14fea2942a381c71ea0dfc2

SHA1
f0f426d306cedce29d6d516046bbfa8cd137a0db

SHA256
9f4f2bb68e6246aa7ee086e3b0a946ba63db2823c7d4cfc77cf0b134d4da4a77

SHA512
7366b0556fd45321017d67843f44880379c16e699330e139a12ebcee57a09d0d1951bee764a7d459d4d3e057d8eeb70646f096898354bc5c080feac9e0f8d49a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1c11932ef98e3e0c4b834c32a6f2d6cb

SHA1
bcd5201e16d7e67d768f5f93832e3e9c0ea6d7bf

SHA256
f4a3d3a64d5c03f467676b8f91900b4f79aec0062243e40c88cb1b768e1120cb

SHA512
bbd43a3396c9fff2c2bc8ca18348d2db3f4c1078eb740c7536aea808fed67cf865cff606109bc40f977944ac1ae139e5054fa1dc91c78cf14620218b8f4738e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
734f2d86a7e5e99da766502b68e68e24

SHA1
c06fd6c6d0ed3ad2057027318317338a47d3f8c4

SHA256
7161585407476bedf534faa44465b98f9f5eeb4c3aec381e82c34203295f5838

SHA512
bad47ccf413e37caf85140b403d1a9bdbf07330e190c8b10cdf0e721d5ea492ad295e6c9ce040684c35b7aa2363165689ac9193c06e320a4667bc991c56c4af4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c905d48392d3a9a1b82e94b473fe8ff0

SHA1
a3b5555ddb1b958d51eb6a27632a8dc7ee0c056c

SHA256
a922929281a5f5d5e230363b05664181ab1ff69c8c5ad0075a03e278d1141053

SHA512
28d86c094273f50d25dd56ed6ea45a17df899bdfe1078bd4f673597676a8be90a5caaa7aaf9cf9423c530eed8ed87a019b9536fd55cbae1b55b2edb4cb7a89b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a84b6c16c65162cd38d1e4fa75e0ee25

SHA1
74590f0a430c8af816dc8cfb6c61e641e27e92cf

SHA256
68c9425638716a345c3311f8b934f147867caad2ddb1e61df5cd98591f7dedd1

SHA512
ef1b273a47f4288e746a481f2608e8aa251dd65f234e2697d0b9a6e41070371c5796740bf5d11221172620cb87efe0be63b9d42d35518462f0de5c82823d223f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3acecc33054ef0f3a39ed5460f04c865

SHA1
11c3872227acfc9548691207c7356a74be5cd2b0

SHA256
b724b761337d4d6d57c94014cf40f49e969aa60be1316f1da49069b7695c551d

SHA512
2ea674b2f7353f10461fa68355d39167548e0721a6a46eaf6ea436d5cda6a77262a3f0d2282bff21bd828fbcc79dca7a9634bfa99f52ddc87b660acc9a50008d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
782e35981a489656cee375cd7a1eec93

SHA1
461b033fadfcac85f8a5a6bfa9fa810421cd5147

SHA256
57918ac07cf7267deadb677da3dcbafece5dcd8aee0c4447f67fabab75bcc95a

SHA512
bf9c2e6285612843d610925db6a23214cdc54d26df94c8de5fc552dea029ee85f5c5b83cd08cbc2cccb0dc2c3d20d4fda7551db3a9aba20f64067ac10b66c91b

Download Submit