aa608391d0e73b09e77a184a315d9b2079edfdf4cd35a449f45433930c831c03

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
19/05/2024, 22:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5bc7e555fe18f485aaca57c8cd9a4ec5_JaffaCakes118.html
Size

115KB
MD5

5bc7e555fe18f485aaca57c8cd9a4ec5
SHA1

00a7691e002e883d1db86bb87ef97200f472a2e5
SHA256

aa608391d0e73b09e77a184a315d9b2079edfdf4cd35a449f45433930c831c03
SHA512

8f8d192dc8eef92fe6ee1bdaa303da8f8260e981558843c87c65e8af922e3bb858a4a06fccf946efaec1b900c6eb9f289ea082bfc1a9222ea2dbfb8334a3404d
SSDEEP

3072:1QqkhJAuN1Dtr1VDuJcJjgJPwTy6mN+2FSxhDzMMNs8z4:1QZ8YHO6mNFFSri

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
836	msedge.exe
836	msedge.exe
2872	msedge.exe
2872	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2872	msedge.exe
2872	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 4872	2872	msedge.exe	85
PID 2872 wrote to memory of 4872	2872	msedge.exe	85
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 4428	2872	msedge.exe	86
PID 2872 wrote to memory of 836	2872	msedge.exe	87
PID 2872 wrote to memory of 836	2872	msedge.exe	87
PID 2872 wrote to memory of 3928	2872	msedge.exe	88
PID 2872 wrote to memory of 3928	2872	msedge.exe	88
PID 2872 wrote to memory of 3928	2872	msedge.exe	88
PID 2872 wrote to memory of 3928	2872	msedge.exe	88
PID 2872 wrote to memory of 3928	2872	msedge.exe	88
PID 2872 wrote to memory of 3928	2872	msedge.exe	88
PID 2872 wrote to memory of 3928	2872	msedge.exe	88
PID 2872 wrote to memory of 3928	2872	msedge.exe	88
PID 2872 wrote to memory of 3928	2872	msedge.exe	88
PID 2872 wrote to memory of 3928	2872	msedge.exe	88
PID 2872 wrote to memory of 3928	2872	msedge.exe	88
PID 2872 wrote to memory of 3928	2872	msedge.exe	88
PID 2872 wrote to memory of 3928	2872	msedge.exe	88
PID 2872 wrote to memory of 3928	2872	msedge.exe	88
PID 2872 wrote to memory of 3928	2872	msedge.exe	88
PID 2872 wrote to memory of 3928	2872	msedge.exe	88
PID 2872 wrote to memory of 3928	2872	msedge.exe	88
PID 2872 wrote to memory of 3928	2872	msedge.exe	88
PID 2872 wrote to memory of 3928	2872	msedge.exe	88
PID 2872 wrote to memory of 3928	2872	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5bc7e555fe18f485aaca57c8cd9a4ec5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad02946f8,0x7ffad0294708,0x7ffad0294718
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,17000600245306995902,13740227152494609272,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,17000600245306995902,13740227152494609272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,17000600245306995902,13740227152494609272,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17000600245306995902,13740227152494609272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17000600245306995902,13740227152494609272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,17000600245306995902,13740227152494609272,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
42KB

MD5
9f3020a21a5e2d03cc9ae735320d7667

SHA1
48b36ab9f4798576e9f5218ed1154ed1e5d641fe

SHA256
614e9793f7f661076ec9815858a822299f72d2377a9276278dfbe05020c8b359

SHA512
b85765b66dfa0eb258e70df123ef84abcdd4dcfe76272e3a1ed777a1ebb178e762f6b0b167f84cc4bb932b4bda9ae074e2d432d9fa2c6f437ab0b583eae56899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
40KB

MD5
d0315b4e8723ae755aee28dc288361b5

SHA1
6c235e898a9496c0530ea742c0f317b9004a126b

SHA256
b1642257f29514b01fec3ee803c9fd3afca1fc7f6817229f94eed08ddc09dba2

SHA512
d61875d23c404adef0c16bc3aaedebdacdae184372c7054b73a918e79a012ddc4e7b0677014acd675d167ca20b20de1098d021e22f5727d2af6f101d68203906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
16KB

MD5
6a14a3cd55e65364d78e4d446374f9c9

SHA1
c49d5dd44284393f46b8654f2b322cd8115c2975

SHA256
8cc406a6925a4c5fd8328e053d09decedfa0abed1c5bb5e0f1e823722e013ab5

SHA512
e22ba880eb0580db0e568da049f2297d69fb9efa396dde36e74380ede70576504e75b68023fa57b6a08d2e351df770f9a7f19d5923c7839f5515bcb58daa0d53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
32KB

MD5
a95303ca3b1a9372809d72ffa31bca40

SHA1
65130bca144d3b49d5f97387173c423b9b4abfe3

SHA256
c5d914b6693616fcf2c61bc363660dcc5f6ea7de5a25b1d6a5a2a95f39846565

SHA512
0c0f9b5e3c94236e30fde681d8d6ee39ba42720592b3c96486064e683ae0e06b096f48158cd4be0a474db474c90f092ff8e24cc112f7f8d8f8c0cfbb574b6987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
36KB

MD5
35a51e38495aaf16a9afbedea89516d9

SHA1
12728c5a9fa3a4c8ce7eda5691898cdf9edd4098

SHA256
f0e12559fca9076577202ec712d76767eabb2c0c17791176fdb8ccd3768dc45b

SHA512
4d7a9ce3f3cbd6e5c464dd38e61ff496746c67ee66e1631094b1f8415be8af07cda407e062a1c511b66f9dbff6e9cbacdb94ebcf958fa3e0e6d7e192a1c22698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
79KB

MD5
acf91dd1f95bf350f87f652a7535280e

SHA1
cc5c6057274b6b2c0ecb4a849670bb0426ab3a5a

SHA256
3322d19758386bd5b09aef8e313ce4dc11310798875610afea5879066f265e5d

SHA512
1cda1386b56443f45fb61bd6c1dd6530e91c5afe11e4f28e4e726cf8a97717e83a933aab854c3cc5cd9fbf4468da8848a2b51ac960dfbc9de211ba1f194fc29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
265KB

MD5
95f2d1eea811bad10f535bf411b0cfdd

SHA1
db0626a2a168ea8739e2959649dbec4f5376d312

SHA256
72fcbdefd6e646efa417bd4634ed0970b7a701ac02cdb620969d59d104b2502d

SHA512
4b6568e18a06db3fa74090131c8c138c3b8613828cf324920f6de13331ace0c3bb076d4d00614ff5fa123c32cae5533f7a259a72fd550e89eef59bea01663460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
32KB

MD5
5aa9fa231018eb5c7c05d8cab4a82915

SHA1
4feba3cefa4440ff4153f6e9d604c4780d073ae2

SHA256
51056c7251d4094f350869966596aeb856cccc4eb496b768bd713d263f06a642

SHA512
60ede5a407c08963258760277210d8930b2681ecfae3c5d6af56d69a11b20938b556fb5aeacc34759768c0eece3363002c0d3223fe741d607bdafdb0bb6cb7c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
173KB

MD5
f5c7875a91100fffb38944080a07b66c

SHA1
aef88862292f72ff627083c712f67800f5da0b1c

SHA256
cfabccfd132067d93ceb54540e20c5d5dcdb41cef84515bff993e1b345564a00

SHA512
4cbf3a0dbe73ec7406f0c67c616ef56a3515ddcfcbc7725fe919e09684924828f8bdc195829b801c4f85d9de43450d3da48b69d5acfe017f6f832b16f389db9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
39KB

MD5
2229416c4478f864a3f422c2b364a77c

SHA1
59f0389a92a856f157b5f2ff4d1211cae8832ed4

SHA256
c1d6654780325ed02bcd0bc1d3edc5683014ff51c0b41171cc89308aefcfc431

SHA512
22fb92f036ee00836729a1dccd03469b0f1fc4c0a6ab2b4a394f0048bad703892b2c727612188ea838145db76719c643cd52ba2409fab2f984fc53cb5591c6ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
119KB

MD5
6eef9cc3c35a6c231223b0c46a19815b

SHA1
7846a211ee8ef72c69e20e4fbf97b471140d198f

SHA256
1a39cfffe4c38b74f8411ab0ab868c6ca8bdfe6af444ad09cd13ea64b8c14630

SHA512
aa77b471bdd12106a30d8d24ae49aa292463dde43e741bb89254bbf8f58a7f01e112db52526f199e61b083e5c0a9906e669bc0ffddfdeeb0faabede3aecec3fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
40KB

MD5
f2e2eba4b782571449783f82f7a501a3

SHA1
ee55481c72419e7cbd303b16fda6492b26f4adde

SHA256
96fc40b2ee2a852144ade7f78ecff5f4c39cb164c4cebc5a4dd6032985adbed5

SHA512
8da746cd905f0ee4af4a047231532d07fa9f2c6378df00c14e976f9aefe70ad67923b0de398d9be410c310f4d03b0f8f12309ff7a809b7c57495759e61e38ef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
49KB

MD5
362ecd0ead9c318307e63e00c056cf4d

SHA1
c77b4d3f1673eca0555edba659c1b5d7dea82713

SHA256
8f04998edef8125254bd3b4d5702ec46d072abcb5e2d2b25904135c2c8416156

SHA512
a263f6d377354a1e4476d1f63e8d037e8625afa2f7b603f5f4b0c41d4c56b0571a02d814136d24e49aa2c323c1d0c805837ec245cbce0194856c7c6142dde809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
464KB

MD5
4b0afc5a10298535dcdbff153fc0f1e5

SHA1
9e6f10b9214b1db61787465bd34449f68f8e2f76

SHA256
b55644929f42d4a23737eedfeb170e134d6059ed1d05fad216ea046b839f2f12

SHA512
e47d615c0a6a98e90ac758a2765f60aaaeb866e58b4fc7084821a8e7c8fb48de016a3493a376191550ad7c775903ab674688507d55698b89d5351ce8fa093705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
665B

MD5
4e7c03bd5999e1a6c63fc91eb4225a24

SHA1
41db668af342fde5b73fd003b3703ff5b2882965

SHA256
05e1dfbd59e21f5511db898bb70b7bf57dc442a45044dd3ee342d8c260b0b0f8

SHA512
e4957be186913285152a329ce1a2116b079f3e61098560bb8f22c0e407728f50191df15e9f980c92443f1c0beed8af04433a2f561e6287f90673785f863e6f2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8c4e2ed290c6449baff69070b0f359a

SHA1
7c0779af05637848cc60d1ccd4458f8b953f2a20

SHA256
7b195d3e7dbc06fbb80c86dc3f60a7c80bd38aea45be4c096aac8038e6351e91

SHA512
8f831cd875e7b189789123d90731bdacd38633f8745e22e7ebd71e0ffdefe6ada43ecbb9188105832fcc15c72c9011b8d93efd06944ca59cb05f28f5c3d59f71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dcbeaf689d4c65138337e7e4d76dd8be

SHA1
27a411f441231a0ff1b3a2fb3425a43bde433690

SHA256
dd303da8f71991bee2f0c4b8e8950f1b652b8798712e4bc26888bd5e61f4ac29

SHA512
0fc273a7d9c9e5a1f33fcd07a0340d0ffe4cac28a8d2405f8f364fc3ddc1b2d1157fbe03c2976116c2a78f30491b4974ea17e90f30392ba68751bef7ed09dc46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ea23d08c4c0089adad76ed92fd1a73b8

SHA1
a16a576e1c3fd0664c6d79c3c0e5ee2be4271f6c

SHA256
3a80c95b9473bb582be8960c03fee1b2d4451bc2b4f4d10460ff0aec98a144ad

SHA512
ea754ce78de21b23b78fb4639ccb5898579e0749295ecfa89d9769f28f263e51496959161e18f34c5f2d451f71dc83cea1e25f8bebf1878dba2732c2cd9dac84

Download Submit