1002f05cd20eb1dafc6cd75c9f93dc89caa271b3cf30419632671519d61b8d0a

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 14:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5f89bdae5e0b83ea7f62409bf7d732b_JaffaCakes118.html
Size

126KB
MD5

a5f89bdae5e0b83ea7f62409bf7d732b
SHA1

22ede90263bacf59463aabafd6ed993095a3668b
SHA256

1002f05cd20eb1dafc6cd75c9f93dc89caa271b3cf30419632671519d61b8d0a
SHA512

71448c9df5195ba690a42f848a31e868938ee5635b6baff11f9f339f32a33ab832aa4880814384d24d67cf8be2eb5aad301d9f32707306f81b3eda79544d64a3
SSDEEP

1536:8x0ejacfHsrrDJNYh8JxYx9XG+6IAm/UwbrcWfAd+cSsOqCYy1+BUNesEtZ/c:59NY2ojXGIAsPbrcDd+cFVyosEtZ/c

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3532	msedge.exe
3532	msedge.exe
2380	msedge.exe
2380	msedge.exe
4292	identity_helper.exe
4292	identity_helper.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 3308	2380	msedge.exe	81
PID 2380 wrote to memory of 3308	2380	msedge.exe	81
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 1072	2380	msedge.exe	82
PID 2380 wrote to memory of 3532	2380	msedge.exe	83
PID 2380 wrote to memory of 3532	2380	msedge.exe	83
PID 2380 wrote to memory of 3680	2380	msedge.exe	84
PID 2380 wrote to memory of 3680	2380	msedge.exe	84
PID 2380 wrote to memory of 3680	2380	msedge.exe	84
PID 2380 wrote to memory of 3680	2380	msedge.exe	84
PID 2380 wrote to memory of 3680	2380	msedge.exe	84
PID 2380 wrote to memory of 3680	2380	msedge.exe	84
PID 2380 wrote to memory of 3680	2380	msedge.exe	84
PID 2380 wrote to memory of 3680	2380	msedge.exe	84
PID 2380 wrote to memory of 3680	2380	msedge.exe	84
PID 2380 wrote to memory of 3680	2380	msedge.exe	84
PID 2380 wrote to memory of 3680	2380	msedge.exe	84
PID 2380 wrote to memory of 3680	2380	msedge.exe	84
PID 2380 wrote to memory of 3680	2380	msedge.exe	84
PID 2380 wrote to memory of 3680	2380	msedge.exe	84
PID 2380 wrote to memory of 3680	2380	msedge.exe	84
PID 2380 wrote to memory of 3680	2380	msedge.exe	84
PID 2380 wrote to memory of 3680	2380	msedge.exe	84
PID 2380 wrote to memory of 3680	2380	msedge.exe	84
PID 2380 wrote to memory of 3680	2380	msedge.exe	84
PID 2380 wrote to memory of 3680	2380	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5f89bdae5e0b83ea7f62409bf7d732b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb108f46f8,0x7ffb108f4708,0x7ffb108f4718
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5361998014284069786,14105396891852909327,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,5361998014284069786,14105396891852909327,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,5361998014284069786,14105396891852909327,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5361998014284069786,14105396891852909327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5361998014284069786,14105396891852909327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5361998014284069786,14105396891852909327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5361998014284069786,14105396891852909327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5361998014284069786,14105396891852909327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5361998014284069786,14105396891852909327,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5361998014284069786,14105396891852909327,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5361998014284069786,14105396891852909327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5361998014284069786,14105396891852909327,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5361998014284069786,14105396891852909327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5361998014284069786,14105396891852909327,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5361998014284069786,14105396891852909327,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5924 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
33c968f2ce38fa1ec5a63c0af38f44d3

SHA1
a13d7b456e6e6459635a43f8459fb212032602b4

SHA256
b66aa5d4b05fc3662c2bb99ca1461565c24c0a268100db5e9819f30ba1024610

SHA512
4fd2c4c99f86d3f7ea4cc79215b95b0ce6d0a3d9ad2392c132a911052217bb87e75cbe95960f8a783ced7b3be3baa4f575d973357b6405fae5289042c3a3b76e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
13b086adea27ae406f12d5e9bde63412

SHA1
eb053c2fcf10d975e32aad061944abd4e708db56

SHA256
992a10a2b31720726f66e21d9fe3d4de6eed5699900410ce790481678aa33b7d

SHA512
4b95ebb65c26a3ae9f599fad717f646c14bcb3f4e622a7a7c8104bb2598a0336e500225738524c4433fac1c288f2e667dd2d07ae090a32db0356243ebd3aa564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bd5692bf69ea051c99a9a879817cde77

SHA1
23cfdbb50b712b6a2f1e74b1c0715b6a18b2a055

SHA256
0fdd3c3e33276bcd4cf8c482aae1c4bcc62d70c46d1ae84b2c64390b89d71f2c

SHA512
4c2f5cebe7b828f8dae15a48ad11016c2ec42395a743655b40d46a8c76a4658f0342a1fc58b2c5cdd56eb1d11aa9dba393599bfd93bbb0a256ca8b1e2e5aa50f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d17daee00f6db79bdd4cab1a51ed9408

SHA1
2512f3a9c8ddf45aaae4cbfedfb01b4bd84ecc95

SHA256
11c1d8b9c74065980bbff0bbcd15c4c6d08fa5c6082ae76103958243cb15ee4e

SHA512
4c572287b65651472724eaf37805bf123eb2d5aa3de5b4cf92ae0d49e8fed382d37cfd105d8b6e36c48b821504f4cd182fb2c4a642a7520769c8cdce0f9d77d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1c51ff82638c9180cf2e80fd7928ec51

SHA1
784cf4d11663b380c7c863b1a0e0e69ec09fc80f

SHA256
50c4f407d24a1c8b1ecaac7bac0a35fe7127992a5df09b9418e3914f193d2f02

SHA512
5182204beafbcc0d33d929888e3d024c3686913d7b5207c18ba6c40ed27708895ba97a391373e0e8dd315f4e31eccfda6a366a54a272757b0295ebf662ee468a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
22107fb8ef0e6117ab4f2f826379fe40

SHA1
e8c4ec46939f7aa56e78bd926007926116ebc299

SHA256
914ab944dc9b7187a799479f0044b4736cb38cf6ca1c7ea799e5f3338abb8ec2

SHA512
33d87e76e316ac6dc6016847e670cbcafc10b731afc40604569524218c17f747dd33574be5f257f27fa94dc100ea64c34b75cbf8b1e84201ab31a1bea2cf6d6c

Download Submit