551e5d1fbf30d447962043cd536e945577ca1a95909156d00681c922be600d11

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 01:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

379f94362eeb37bfbee94070d894f284_JaffaCakes118.html
Size

175KB
MD5

379f94362eeb37bfbee94070d894f284
SHA1

dec960f474bfb393751a51ef1649fd43c48e21a2
SHA256

551e5d1fbf30d447962043cd536e945577ca1a95909156d00681c922be600d11
SHA512

cc9d727ea9fbc6cee547d942497f47c6962f9b6665ccf8ea4d8d693cb6efb34bf1bc78854579d81ee7bd7d5caa450280d7eac9453fb278c27391abd0ae149f7b
SSDEEP

1536:SqtH8gd8Wu8pI8Cd8hd8dQgbH//WoS3rGNkFJYfBCJiZ0+aeTH+WK/Lf1/hpnVSV:S9CT3r/FsBCJiDB

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
936	msedge.exe
936	msedge.exe
2840	identity_helper.exe
2840	identity_helper.exe
5428	msedge.exe
5428	msedge.exe
5428	msedge.exe
5428	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 936 wrote to memory of 4784	936	msedge.exe	82
PID 936 wrote to memory of 4784	936	msedge.exe	82
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 4852	936	msedge.exe	83
PID 936 wrote to memory of 3620	936	msedge.exe	84
PID 936 wrote to memory of 3620	936	msedge.exe	84
PID 936 wrote to memory of 748	936	msedge.exe	85
PID 936 wrote to memory of 748	936	msedge.exe	85
PID 936 wrote to memory of 748	936	msedge.exe	85
PID 936 wrote to memory of 748	936	msedge.exe	85
PID 936 wrote to memory of 748	936	msedge.exe	85
PID 936 wrote to memory of 748	936	msedge.exe	85
PID 936 wrote to memory of 748	936	msedge.exe	85
PID 936 wrote to memory of 748	936	msedge.exe	85
PID 936 wrote to memory of 748	936	msedge.exe	85
PID 936 wrote to memory of 748	936	msedge.exe	85
PID 936 wrote to memory of 748	936	msedge.exe	85
PID 936 wrote to memory of 748	936	msedge.exe	85
PID 936 wrote to memory of 748	936	msedge.exe	85
PID 936 wrote to memory of 748	936	msedge.exe	85
PID 936 wrote to memory of 748	936	msedge.exe	85
PID 936 wrote to memory of 748	936	msedge.exe	85
PID 936 wrote to memory of 748	936	msedge.exe	85
PID 936 wrote to memory of 748	936	msedge.exe	85
PID 936 wrote to memory of 748	936	msedge.exe	85
PID 936 wrote to memory of 748	936	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\379f94362eeb37bfbee94070d894f284_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffb55f646f8,0x7ffb55f64708,0x7ffb55f64718
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,6044064957105760146,12638872002474988755,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,6044064957105760146,12638872002474988755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,6044064957105760146,12638872002474988755,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6044064957105760146,12638872002474988755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6044064957105760146,12638872002474988755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6044064957105760146,12638872002474988755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6044064957105760146,12638872002474988755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6044064957105760146,12638872002474988755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6044064957105760146,12638872002474988755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,6044064957105760146,12638872002474988755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,6044064957105760146,12638872002474988755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6044064957105760146,12638872002474988755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6044064957105760146,12638872002474988755,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6044064957105760146,12638872002474988755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6044064957105760146,12638872002474988755,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,6044064957105760146,12638872002474988755,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
19KB

MD5
750ac1afc9ee7dd557768978d15fba50

SHA1
133e9d996f8168881eb07ba83a018f738f5c35d8

SHA256
e1210625fe8a5279775627c004cc39fa045940ed57229f39d3d472c53d306fa0

SHA512
1b1dec12c116459a70bc7dcd657aee3c1616e75c26cb02db4775177cc2a76d616e3156c3c12914b8fa826b9009e2715a7a1215c8ba317737d01129418717ae50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
46KB

MD5
ac83857f0497a4a0e7669329827cf228

SHA1
18ea483c966969e43a654fcadea9719a8aca370c

SHA256
43337a1354f376890cdb73f3dbaf95a8027761c574c30cdecb321096be485d3e

SHA512
6a35c50764d31d4bac07ddbec2329238cd04f2c58c00629e523ae7fc2a7d6be5d1226f8fb6c3c1043b215c38c47951a66fa8a9d4f4d6ddce7664bd1d011db2aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
95KB

MD5
3dfe21a99e36122cd7546f3715bea195

SHA1
cf14a670e3173a6a2228c2a18f814500ab40fc8b

SHA256
14fd31b8f71e6608c396c2016fc1679e154c31e83321cd66d4240bac07a7afdb

SHA512
8ff358eace7ff2b9561998755e47a8e85321fdf560788daa14ea0305183e8d6b999639775de37b1fa631c74ef05d9ce553c99190192ff1b5bc229d1c70ad2e79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
384B

MD5
0e355d8aef1231a7c24866579ecbde9e

SHA1
833aa337126d85904d760b26f8fa36ebd34a51e2

SHA256
b5ae36b820696269b5f895906c0e688850b52728510c40c56c9ec4e54c1a750a

SHA512
2e438b87676570f5d27430691b7bd85f0c9af93987cd5d0d6da9758606440027eeff6403dbf902f4d66c253917633f767e46ab171d6a9c847e197ebff43a1e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ca123aabe9d9a662742fb5bdccce0f11

SHA1
103075df9c81eda9afb859c53087153bf5de3bd7

SHA256
636b408fe2112cfaa3911a2174fb54f9c42bb9269068285c9ff0be9684fa937f

SHA512
74234f2b0d79c56d7fe34f2bf55cdcd77b29d1e9801bb21118c45ac014e09a6d1da7a5832e242c1aa7874371791e8f265399b5094687bc93270463ffd6cd5b44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0874deb745075f6e0c5b6feb4841b6b8

SHA1
89660ed77b461aa1b561c2686cf8b66ea6048f69

SHA256
88c869b7af1dd53af229276099fdd167723b73db08c9dfddaa3822b80eecd86d

SHA512
e03996a06d07296d53a2cd8b11f69ce70f4ac6d880b4dffe06dbdb3335d4c8fc6d5cc55e5b9833c455d608032a30a88ab3a774b4f03050248843b5d9f46c5942

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
45d4fe4d67d287f8ea64c36e04bef750

SHA1
3a17dc739a91b419901679e4df23f306ca1f5e55

SHA256
5a8ce3fd8a16e19dc63212ca85ef7adc8995c5430eb1e90b2627c11d3ea92dc5

SHA512
dcd899017ad5926c2d158ff3bb8d62eb409f7b35cee350c057092a5c120a643046542a9a28cbe8d75fb19af4ac6c9262d31e058c255cf3362854694b460dd816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1b679c25b03eb156faccafb5bcc09712

SHA1
56283ce17389b3f0337a953c64207d7ee9c0e888

SHA256
42dac5f76fdd400be1f9b260e0da5287f256afbb6bcc61e5be8bca6b6c1de192

SHA512
20511cb3752adf0bce95e195bb2e171c587ad29d00c9ec11fa0a1280d5fe7d4265893f8e17b88bef3f80fc7d95b9f4e5275f3a9cc7d7ac165b8b535d3018dc34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6bcb1067482733c1d5e1e4fc7fec02ab

SHA1
39ffdcecbe8a1656911a4a1c54881747e72b9266

SHA256
8d7291fc77bd4fc4076d6d61b998d7d85183660de73a41674b75bb6f7d7c7944

SHA512
ae571c3a65051567e501b878a5ef2fcc18c49c57de77588060d40788e9af259f8165f90096659a7b3ac099719dbbc5bb0038c932a1f3753df074a96976dbeea9

Download Submit