004dd1e3a7813b858b9067e4eb61d17955ddec82c714ef3a791c2314103e83dc

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 10:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f18991af48b9ab0b3ffe69bae2406c0_JaffaCakes118.html
Size

46KB
MD5

3f18991af48b9ab0b3ffe69bae2406c0
SHA1

10e1c942bed93916227d544a57ab1dbc742ae075
SHA256

004dd1e3a7813b858b9067e4eb61d17955ddec82c714ef3a791c2314103e83dc
SHA512

57aa415b7f977fd468f67d6474112c60366ff89284157c538ebc0dd5ab0f2394484bf5db1c073a4881f3334706e97cb8a9b65f6df824f3a18466129e448789ef
SSDEEP

768:hT1va97eO4tc4jIpiy64hbJZXJrcAmsAuov/KaHc79ozNjtDkZwHlEcEfhaOMN4r:Tva97eptc4jILJZhcALY/bH2ozNjtDkN

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1732	msedge.exe
1732	msedge.exe
428	msedge.exe
428	msedge.exe
3672	identity_helper.exe
3672	identity_helper.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 428 wrote to memory of 384	428	msedge.exe	82
PID 428 wrote to memory of 384	428	msedge.exe	82
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 952	428	msedge.exe	83
PID 428 wrote to memory of 1732	428	msedge.exe	84
PID 428 wrote to memory of 1732	428	msedge.exe	84
PID 428 wrote to memory of 4736	428	msedge.exe	85
PID 428 wrote to memory of 4736	428	msedge.exe	85
PID 428 wrote to memory of 4736	428	msedge.exe	85
PID 428 wrote to memory of 4736	428	msedge.exe	85
PID 428 wrote to memory of 4736	428	msedge.exe	85
PID 428 wrote to memory of 4736	428	msedge.exe	85
PID 428 wrote to memory of 4736	428	msedge.exe	85
PID 428 wrote to memory of 4736	428	msedge.exe	85
PID 428 wrote to memory of 4736	428	msedge.exe	85
PID 428 wrote to memory of 4736	428	msedge.exe	85
PID 428 wrote to memory of 4736	428	msedge.exe	85
PID 428 wrote to memory of 4736	428	msedge.exe	85
PID 428 wrote to memory of 4736	428	msedge.exe	85
PID 428 wrote to memory of 4736	428	msedge.exe	85
PID 428 wrote to memory of 4736	428	msedge.exe	85
PID 428 wrote to memory of 4736	428	msedge.exe	85
PID 428 wrote to memory of 4736	428	msedge.exe	85
PID 428 wrote to memory of 4736	428	msedge.exe	85
PID 428 wrote to memory of 4736	428	msedge.exe	85
PID 428 wrote to memory of 4736	428	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3f18991af48b9ab0b3ffe69bae2406c0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa84ef46f8,0x7ffa84ef4708,0x7ffa84ef4718
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13008603046656748845,1756138287939144369,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,13008603046656748845,1756138287939144369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,13008603046656748845,1756138287939144369,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13008603046656748845,1756138287939144369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13008603046656748845,1756138287939144369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13008603046656748845,1756138287939144369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13008603046656748845,1756138287939144369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13008603046656748845,1756138287939144369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13008603046656748845,1756138287939144369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,13008603046656748845,1756138287939144369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6728 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,13008603046656748845,1756138287939144369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6728 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13008603046656748845,1756138287939144369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13008603046656748845,1756138287939144369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13008603046656748845,1756138287939144369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13008603046656748845,1756138287939144369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13008603046656748845,1756138287939144369,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6164 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
157KB

MD5
a07a0041143bc11d11c2fe0d37a5ded7

SHA1
cb14b39ec6f8a362a08d1957af211d81f750d54d

SHA256
233746b5d7f58579f0d5ea21e4907fdb5be5469f05dd7691633448aead77fc98

SHA512
17811e64a82d0810bb293ebafd2a04b20efacff9e12ae3f6bc555f75232349766cc52434947614684ee43ff00478cdc0c92b692053bd31c38638fb15b2586f6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
c44070fa533da9a9c660b3cc68a04235

SHA1
75953df17b1eb476fdab57eb8ac0f7e6586e5112

SHA256
d80a5d22a466d2492bf7167e986d17e38f0551090704bd354d691985d502b1bb

SHA512
780645ff559a9adac9cb937f3d82e3e8a96d9fa1693c05f7a9641cfa661c18eedbd6f8b5f26e6d4eabd73dbf1e686ffabf02cbe0d729adda62e5a6332db90c31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
f6957151d375b8f685d77c06ce960f52

SHA1
65911b686a4fdcc5f3c159e64e9e0049159dc18f

SHA256
18eec7b9a04f2bbf618009973720f3beda14fce4e35c1860544aea79ef70c05e

SHA512
abd5bb17cd11c2143cf4d852922562074346d7fad5abdfa9d51de5179b443822dbeaaff379ad1e345160063688febcc1f307d35fd39e5723cee412bb4e46fb20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
18eb6e2406895280f0d78fbb0f79e6a9

SHA1
f939eac668a423ee63263711e9a5f54beaab4d1f

SHA256
ca57e1a5f7d38cc40a5bbe90c046214b72c356ba840fa99b330c9e0fe9b3d42d

SHA512
652d70435f35f9094569596d9ed43a3431d6544372f5463e30109d4bd97cc479ac135aa56b5ab74f936d2ae16c3d4b29c950f43e9ce34185149a4bf2642600a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8e3ecedf6c2b9dd1d716cbf789b1359e

SHA1
53c11ab72a27235dab127e38a8fb37c907e38e90

SHA256
3edfcf3e753e554a710892e5f0eff10fa0e7c20f1db0f68038a10a3b875c5e3b

SHA512
d8614eb77ee78fd36beb0f1eec7d1768dcbf37c75bc324ad681254a9aa89f9da668528c24dd92fe32513789acf0d9c6cbe32a20da802789c186aef47bc69f838

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c3a090a36e7ed00afa298e47db44b0e5

SHA1
45d645a4dbe271bdac5c6cb23ce0b2dc0517e1a8

SHA256
7311489716893a81656e06029aa4a2e9dd2c9d759e9c62fda22be55bad85be04

SHA512
f10e783f1dce5d86198a1d9ed80211e1426adb875e6eb872098d4ba735b2a87a2da96713d9ced11a971d6481675a8fb844a4939ee44fc37b2d513cc97efc8451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
15693381a0423f52344ee815c21e8d7d

SHA1
c9d30db4023d3d50e364464066b35f5119aadf04

SHA256
871166555b72a29a6a5a2facdef8c2b0e09817608da4c8b66fdc47296771a017

SHA512
7f4996167f7de8be238c3b685142aebc423ae741df8371ab87502b80ff5914d448a4c3b14ba9e826a85a631ca8ed11b306067bf23a25312dc8d372d965eb07bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6ee2e276caa25b8eeb1000803446e979

SHA1
793ccfd20fa949204d311009c16c55b523ba7073

SHA256
f0150f5024783c33627d9418643498a0fa7235bb94312cce89fa24f9a0c3ea3c

SHA512
41c765d70901a3879447837adefdcdb0a6e2cab5ae9a9e0ac5287c62d635724096340fad6710e7f49dd9f9f761358812d697133eccf618ca334a309c98fcdff5

Download Submit