5c26251ee320034831c82c9376a6988ca05ca8fac64af667f8735acb2627e999

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 03:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d36cbbb7c95367ea5ebb6afff4d990df_JaffaCakes118.html
Size

28KB
MD5

d36cbbb7c95367ea5ebb6afff4d990df
SHA1

eeb83fb64e9739335e3171cb53db4047b89a70a8
SHA256

5c26251ee320034831c82c9376a6988ca05ca8fac64af667f8735acb2627e999
SHA512

cdf754f466e1c3b62c7d046246a2d22b3fc76dbcc50ab8adbfcb472ab1eef73083b5260d24cbe55c935a57567f855aef78e3997181f38249e07a83ee0c33ba67
SSDEEP

768:9bi4pE4xDpleC0jhCs4EELryU1qgNslk5Yw2:9bi4pE4xDpJ0jhC5E0yeqSslk5Yw2

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3940	msedge.exe
3940	msedge.exe
3408	msedge.exe
3408	msedge.exe
3168	identity_helper.exe
3168	identity_helper.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3408 wrote to memory of 2020	3408	msedge.exe	83
PID 3408 wrote to memory of 2020	3408	msedge.exe	83
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 4828	3408	msedge.exe	84
PID 3408 wrote to memory of 3940	3408	msedge.exe	85
PID 3408 wrote to memory of 3940	3408	msedge.exe	85
PID 3408 wrote to memory of 2324	3408	msedge.exe	86
PID 3408 wrote to memory of 2324	3408	msedge.exe	86
PID 3408 wrote to memory of 2324	3408	msedge.exe	86
PID 3408 wrote to memory of 2324	3408	msedge.exe	86
PID 3408 wrote to memory of 2324	3408	msedge.exe	86
PID 3408 wrote to memory of 2324	3408	msedge.exe	86
PID 3408 wrote to memory of 2324	3408	msedge.exe	86
PID 3408 wrote to memory of 2324	3408	msedge.exe	86
PID 3408 wrote to memory of 2324	3408	msedge.exe	86
PID 3408 wrote to memory of 2324	3408	msedge.exe	86
PID 3408 wrote to memory of 2324	3408	msedge.exe	86
PID 3408 wrote to memory of 2324	3408	msedge.exe	86
PID 3408 wrote to memory of 2324	3408	msedge.exe	86
PID 3408 wrote to memory of 2324	3408	msedge.exe	86
PID 3408 wrote to memory of 2324	3408	msedge.exe	86
PID 3408 wrote to memory of 2324	3408	msedge.exe	86
PID 3408 wrote to memory of 2324	3408	msedge.exe	86
PID 3408 wrote to memory of 2324	3408	msedge.exe	86
PID 3408 wrote to memory of 2324	3408	msedge.exe	86
PID 3408 wrote to memory of 2324	3408	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d36cbbb7c95367ea5ebb6afff4d990df_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9ada746f8,0x7ff9ada74708,0x7ff9ada74718
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,6493243676744238808,13343745855441555017,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,6493243676744238808,13343745855441555017,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,6493243676744238808,13343745855441555017,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6493243676744238808,13343745855441555017,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6493243676744238808,13343745855441555017,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6493243676744238808,13343745855441555017,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6493243676744238808,13343745855441555017,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6493243676744238808,13343745855441555017,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,6493243676744238808,13343745855441555017,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6212 /prefetch:8
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,6493243676744238808,13343745855441555017,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6493243676744238808,13343745855441555017,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6493243676744238808,13343745855441555017,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6493243676744238808,13343745855441555017,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6493243676744238808,13343745855441555017,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,6493243676744238808,13343745855441555017,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5952 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
16648c85b30bbe10430e7811cff1193a

SHA1
24342bfbfa960cd9c4305e4d787be1a906eb63f1

SHA256
b551d7b1f3b7bc8933a9dcc49f91e75e857710ffa831d370ee4c36e01938d407

SHA512
9017d3a9271011bcd3456c9e650a66bb1444dd8f865fe148c1b5f0ce0443acb75daf15d60703365c01d61e1248fc333cdec50965fdbc9d4186fe2295ae1f60d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
413B

MD5
865dc7bd7c3be43310a78569f7001912

SHA1
c93555832f015c01224b73b78a2b3fd68f616b28

SHA256
c951133f644fb129a2f5a5ddf0bc3804ff8d476c6a2053fad8f4c3324b07c92d

SHA512
3726b49f687452791a67a4f9d2cb0f711565ee82ee4f5a2414474f7c6cc94bd0215ee81f80a0b75a0c65adc9b59ec8090b67570574ba5cbf9929fce4d4e9bec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
65b69b74d63c870c33988f9b9ac07ed0

SHA1
9ab43c1dd18fe350791c7981553143940ce1bc8c

SHA256
0cca9076609e847f908d4a9bcf6c57c010208567ab24a6ca63f18d2f259aa72d

SHA512
49ec9f5b4034c44f34c6bf66fec4ac16abefd2f64d86b1a203456df3d6db7a3fa5e67a8d53eca28c69129c73afdc0fc4296cca0b7a73c6fdc4dbd7f9ebf0bb5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5cf68af98989fa3b64f765c5fdf5c5cc

SHA1
a29ce87c8896cfb6a9e3d567e0bfc5c2c25ed4df

SHA256
1148116b880a996d988daceacb9bb447861e65b0cfd197fac0d57d015adc65e2

SHA512
8f2231f017c7185bf82b2b46bdac5553747aac8cd11be0d381b61f9bacf9f79aa89fb4d297010dddb27db62f706624b3a329b49699211cbf9fc487791efde177

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
49ed31a7e0416f430f2bf9080f5439c6

SHA1
f67f003061071b07938db2554dfb2693aa91b42c

SHA256
e6ed278a3711266406635c4cbf3b94568e1f8d7cfa6daa0e3e0637c10010bb8e

SHA512
c5750651b989788a7b2699f08dbe9a551e5f740afc025f615cf4e1142d68b96f44839572ffdc2b73083f21d2aacec514481d726badb7125e167cd57d9e322b30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
35fa0cde682ad88820945bb4a521680d

SHA1
9398907c0bfab832a0cd52e4e55d492485a5096e

SHA256
05e1b329d59dfbeffd0034cdeb9e6ca049e314c17059a1fefe716075e3188627

SHA512
0a46861d8cbb3a60fb83fbbdfe70955427fd449627f1206e269084e1ad79d05e84a3fb387b202222ba364686627619b735d7235d03e841d0f6b3760e78f45b0d

Download Submit