bd5228cd61a8968102bf718970a3ae15a50641a692a6bcf6188ccdb337fd595b

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2024 11:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f2bf79716ca4616126a52e0c52ed5dd_JaffaCakes118.html
Size

79KB
MD5

3f2bf79716ca4616126a52e0c52ed5dd
SHA1

6d2fe94527e5fdccde2c7fc01ca74ac905b97d1a
SHA256

bd5228cd61a8968102bf718970a3ae15a50641a692a6bcf6188ccdb337fd595b
SHA512

ca0ec968d0dcc1c053c99bee982738291a4a2acdeebe3db633414b033472bce28e64e776aadb10356d479c04d9d4b206a01066d1fabf613f5e259afb6533668f
SSDEEP

768:I8oUogOriWNYaeoi5wK2tF3MgrY0OEhe0RThGNKNO2ULXnGBmXWcDAnm29Pdfl:IRMr5wvDOUThGNKNO2NBmXWcD6dl

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2424	msedge.exe
2424	msedge.exe
1196	msedge.exe
1196	msedge.exe
2304	identity_helper.exe
2304	identity_helper.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 1924	1196	msedge.exe	85
PID 1196 wrote to memory of 1924	1196	msedge.exe	85
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 3624	1196	msedge.exe	86
PID 1196 wrote to memory of 2424	1196	msedge.exe	87
PID 1196 wrote to memory of 2424	1196	msedge.exe	87
PID 1196 wrote to memory of 2348	1196	msedge.exe	88
PID 1196 wrote to memory of 2348	1196	msedge.exe	88
PID 1196 wrote to memory of 2348	1196	msedge.exe	88
PID 1196 wrote to memory of 2348	1196	msedge.exe	88
PID 1196 wrote to memory of 2348	1196	msedge.exe	88
PID 1196 wrote to memory of 2348	1196	msedge.exe	88
PID 1196 wrote to memory of 2348	1196	msedge.exe	88
PID 1196 wrote to memory of 2348	1196	msedge.exe	88
PID 1196 wrote to memory of 2348	1196	msedge.exe	88
PID 1196 wrote to memory of 2348	1196	msedge.exe	88
PID 1196 wrote to memory of 2348	1196	msedge.exe	88
PID 1196 wrote to memory of 2348	1196	msedge.exe	88
PID 1196 wrote to memory of 2348	1196	msedge.exe	88
PID 1196 wrote to memory of 2348	1196	msedge.exe	88
PID 1196 wrote to memory of 2348	1196	msedge.exe	88
PID 1196 wrote to memory of 2348	1196	msedge.exe	88
PID 1196 wrote to memory of 2348	1196	msedge.exe	88
PID 1196 wrote to memory of 2348	1196	msedge.exe	88
PID 1196 wrote to memory of 2348	1196	msedge.exe	88
PID 1196 wrote to memory of 2348	1196	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3f2bf79716ca4616126a52e0c52ed5dd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff935e46f8,0x7fff935e4708,0x7fff935e4718
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,2926943294916487800,3255413815658986732,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,2926943294916487800,3255413815658986732,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,2926943294916487800,3255413815658986732,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2926943294916487800,3255413815658986732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2926943294916487800,3255413815658986732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2926943294916487800,3255413815658986732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2926943294916487800,3255413815658986732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,2926943294916487800,3255413815658986732,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,2926943294916487800,3255413815658986732,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2926943294916487800,3255413815658986732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2926943294916487800,3255413815658986732,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2926943294916487800,3255413815658986732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1124 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2926943294916487800,3255413815658986732,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,2926943294916487800,3255413815658986732,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
64KB

MD5
63e5a0b45632b3dde3694ffcaf0e3f7a

SHA1
923736d0cdc308331d5cfaa0ea159bfedc83d53f

SHA256
889109910477919b3457416e7764bcd0add19fd959848253026125c7c35c43db

SHA512
5b886c4b5122d61f0209ede748aa84445c9388cf38813316c41b3dbd2308216e88394d9a45cfc27113c0cf3bc93b9c37d808f6d3c67888244c176ee095d42259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
83c0e9421b9ac11d9b8013c2564c2b57

SHA1
81bf32a10fd7d09c34d750b333721f0ead3bdbb3

SHA256
8d2a75b62e09ec20c8b2b735f7c599f83856a3a398f8be2ad9424af4d3402d83

SHA512
701fe304f5509fc6775aec965baaab693c86d3a2bb3c6e51fa1755ee52420d13d7491d987d0c61bf967e689275c2880b7a8b919ced7857b8f80c16e7b7a364a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
5e90c9172a076e245d3b5dbb6f945abc

SHA1
fb4a7fb43a6d95ee8cee18f52f9c8577360dbc99

SHA256
5f418ac025f0365fb96f23a5f4cb9bf450f0a8279ba6a536df0ca92563ff76f7

SHA512
2f02e308d19e10d4006ba540cf6da770b391928b8d78e1ff5ea63accc27c2e4d2532773fae4db39d3c41fe903867cb0b636081b4344359724f715ad299c201d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1f9a3765d5841be4264ebcc96fc2f96f

SHA1
2f27e5c2be04dac9c9d4382351283debdd6698dc

SHA256
6b89b8dfe3f9c6efe649cc9bdaccb280f152045e37830ffa101d36a1f50953d2

SHA512
4a28708b8371e5ba6bab7fefc3e831f2e65b4522117b47a1c8c2434acc010da05e5ca8a6fa2b9662a55f3aa71ab3215af59767663cdf372320aa130cde79e3c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f5ee2b1b7dc89a6fc63f911d618712c0

SHA1
d1799e43e30292719960e848b155583f32f95393

SHA256
45fabe13dbee968686a7b7adef8f35bf038b4dca761ad41450cd37294994b653

SHA512
9db35229896c3ad510eca568ef16ac6a108bdebc1db04139db7a9944731f1c89f15f477343d5c1e3b63bf191be85beb50254bb5581e053cf2cc8dcacfb8832f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fec6666aae846fb5c7930fab7f6669e6

SHA1
ae5d053983852ccf350e8f8ff69af506469b4756

SHA256
3dad93a95c3c1f1fc05fba03350e2fa07885dafc02aec3329fac59b3e9e96174

SHA512
623b24589be75ff2772e16e718da4eff78f004a3cffcd4727a42e84c8c774c467073923e429d024284a5f0326a6ca716e99901664fbfb10d0fd0cc34c61707d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
44bcc2e2371b85e4d1e471ee05edb63d

SHA1
53dbeed3a451805962417f0d24ec19c235a212cb

SHA256
1424c08183712f7a304d903615d7f37894276b95095e037768fe2e0128376e30

SHA512
c84faa87f43b856d64cbce842d159162d54c16c26ebfe8fdb9e7da044f92dda4649ae7ddaf234dd4d7fc03bd184de9ac7db00a25355ecf95cc6aec627a35c299

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2758298b6d33969084fc5617e4fb4f77

SHA1
44a7bc399987d8d86e981042ff616f74485508a4

SHA256
28639b8cb4d29cbc0d18ccddb0b34ce8c10b676bf0b765d14637cb8cc3d01b2a

SHA512
d15a05dcf8cc2ecb805c3780004a1dd98c53c7469cd97274289eafdaeaaf0972e1bb9f63e3ef9e3bb1767d8f48b962b51f48f0cd02444b49ce8a19a5e4e153e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dd2fee70a9b0ff50d03389179cb167a2

SHA1
5b60688202790e489a2c1828bc424d2e336f68e7

SHA256
dee5f79648ef3f2e46f9f16056cc158b1d5b492788334a654f049ecbeeeecb8d

SHA512
25e2575d318c3803e1cd4d801e1970eec5c6a0396c7f57462ddaa6a7f3f78d8d4168b24016f37419ab500ebc2e84a1b12f377cfe11ecc1442140082ae5ca9f03

Download Submit