f10b2191c61007f282b3981301aecf14f56a8c5137885430ebe0d7517cc95090

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2024, 05:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a58b28e8e0dfb0523650cd873e6d8c6a_JaffaCakes118.html
Size

43KB
MD5

a58b28e8e0dfb0523650cd873e6d8c6a
SHA1

6f4d6c0aa43b39d389a8fac9d5394e5d58d0a889
SHA256

f10b2191c61007f282b3981301aecf14f56a8c5137885430ebe0d7517cc95090
SHA512

637de2f7c11054c9e9312ee9c8170620c9f494f1e490758f2aed9cec766b6cfe44b9a03aac613cd323740a12340e736a1e69604756e9d553591b9d151b0a2acc
SSDEEP

768:nayHHvPWl55GS2XOFF509MUlFiL/OiCoQg2JwSl76up+:n3HH2l55GHXOFF509MNmiCVwSl76X

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1764	msedge.exe
1764	msedge.exe
2352	msedge.exe
2352	msedge.exe
1424	identity_helper.exe
1424	identity_helper.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 1488	2352	msedge.exe	84
PID 2352 wrote to memory of 1488	2352	msedge.exe	84
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1484	2352	msedge.exe	85
PID 2352 wrote to memory of 1764	2352	msedge.exe	86
PID 2352 wrote to memory of 1764	2352	msedge.exe	86
PID 2352 wrote to memory of 4300	2352	msedge.exe	87
PID 2352 wrote to memory of 4300	2352	msedge.exe	87
PID 2352 wrote to memory of 4300	2352	msedge.exe	87
PID 2352 wrote to memory of 4300	2352	msedge.exe	87
PID 2352 wrote to memory of 4300	2352	msedge.exe	87
PID 2352 wrote to memory of 4300	2352	msedge.exe	87
PID 2352 wrote to memory of 4300	2352	msedge.exe	87
PID 2352 wrote to memory of 4300	2352	msedge.exe	87
PID 2352 wrote to memory of 4300	2352	msedge.exe	87
PID 2352 wrote to memory of 4300	2352	msedge.exe	87
PID 2352 wrote to memory of 4300	2352	msedge.exe	87
PID 2352 wrote to memory of 4300	2352	msedge.exe	87
PID 2352 wrote to memory of 4300	2352	msedge.exe	87
PID 2352 wrote to memory of 4300	2352	msedge.exe	87
PID 2352 wrote to memory of 4300	2352	msedge.exe	87
PID 2352 wrote to memory of 4300	2352	msedge.exe	87
PID 2352 wrote to memory of 4300	2352	msedge.exe	87
PID 2352 wrote to memory of 4300	2352	msedge.exe	87
PID 2352 wrote to memory of 4300	2352	msedge.exe	87
PID 2352 wrote to memory of 4300	2352	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a58b28e8e0dfb0523650cd873e6d8c6a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9991f46f8,0x7ff9991f4708,0x7ff9991f4718
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,4240270648230230367,8667330010186578140,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,4240270648230230367,8667330010186578140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,4240270648230230367,8667330010186578140,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4240270648230230367,8667330010186578140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4240270648230230367,8667330010186578140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4240270648230230367,8667330010186578140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4240270648230230367,8667330010186578140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4240270648230230367,8667330010186578140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,4240270648230230367,8667330010186578140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1328 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,4240270648230230367,8667330010186578140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4240270648230230367,8667330010186578140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4240270648230230367,8667330010186578140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4240270648230230367,8667330010186578140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4240270648230230367,8667330010186578140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,4240270648230230367,8667330010186578140,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5100 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
5415c20c556f9420a339d9c47224e277

SHA1
06d113d38a36b0785241a1d48bb9ce64a93ea361

SHA256
f2392132c78d1a8ca4c13732309063279d51920f11cad71393a14a445f45e376

SHA512
c1950b5ea2cd1a4c1f68113059c09e2c3bba953027a58f298771a93b3d8fe3fb5f97097ac3dc771ebd4b523a3777ab327fa82d1a108d8f6385c33c188431fdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
454dfa90ff5f7f0157a4cc2029364415

SHA1
c00ecd3e7010f9804af39d63df2eb405136a6a78

SHA256
277dc3815fe6d2ce8425a4332801d02849bac5db3d7a4c0a030a816148501a04

SHA512
07ff8d905c1eabdb9b8d3f0f48464037cca59fffa5b5b0e8d279d87c415ba6e2b62137ddfa69580da6c5c9b868868a85d5892362caac16d9edb6fa08410f4439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
104268a8617f6d93a6460d81ad028759

SHA1
44285a8d28c50c3855abfea839aa464a440fd201

SHA256
b6158b7fe9b9c3a21f1f6564577c40a4334ebb6869e1e8c1e9c60cfa02e17b9c

SHA512
202c019f1a9583146cf3a7e38c77b33f261de9bee1a5dacb67bf5e9a73e32fe971c9b6299dbaad89a90d4df97f15bde1646d7aa9c24c38b16d1b0285e02b1bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f899b1dcb01b24567561e823578681af

SHA1
95c732de13f3624a58b4d88ae27219580f507166

SHA256
f424c6e7470f63b906780e77d04a1e0baf410b53fe830db31e1fcb6ba8a52627

SHA512
bef4d84b41bd03c5592b4d36075a6d726dadf52eaed8908e703e608806b5d291a22e0d4686ef016dde33927e2fa1690f08cacc73539253ec344c5521a33b7e60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fd21e4ab6cb480fd3dac0bad2b2447c8

SHA1
040d73029d4a06842a67e94470b7c60311e23e8f

SHA256
8240e91254d5411364ce1fa086d23efe66cfa5253c9f8f615f6b80ade29c55b8

SHA512
3f0d1092780a61649d50ab5301af4e0f5406f25dcf669b88a0259cfa110b4c8606c30ad91cbd6f56a60d98101ed080cb0dbca41cbdcf4982072c8f0471c4da25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8e0ecb3dea680720526f3a088f2e0c72

SHA1
4897805df0afd581a6cc572b8d217910d76006e8

SHA256
5642758c5683302e0478ab932f67214d333508b3bd56b4926a5d1cda0a4117e4

SHA512
183775e1f4014717ca995e2d28deefbb1c6b834235e0f4353500174130e67d683d66b1092906a6418238e667dc38b4218ff1998e7195d41264551bd3603bcf9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d56b55fa92c11e89ed7ac05887c59415

SHA1
7ba88f223346efd7d583a438af780b5c7a1b9c7a

SHA256
1eb7782bc95e5f61f81a05074043542789e4a11fc990538fba1ac7db59dde3aa

SHA512
60842fe551689fc0ea025ed37d265486cae52fa2931a148b8350429b7367b692d44da5bc6567c7c7d83dc23c12943ef8d9e9c20fa77509f69a71cf5635757ff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6b542ca0f8d09963ac8012f15754137e

SHA1
18ba1f2096b90b31881ca665fd8b110089fd1682

SHA256
656fc15845fbe8be77e3022972d569c722f80144d319fd07820ecdb3e75ca07e

SHA512
66c98a71d813feae02a3cb6d2d72428a552ee5aacbd3cff57e787cce96be13571279752652fc5795ece694cf215ff3776748d18c8742fc1fdf8cbff6b036d4ca

Download Submit