4313637de76fdd66d7980cc72e0b8e3a4dbb4818a725b5c08667855e122e246f

Analysis

max time kernel
146s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 06:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eaccb0111e4513a52eb7640a171c1d4c_JaffaCakes118.html
Size

114KB
MD5

eaccb0111e4513a52eb7640a171c1d4c
SHA1

494bc06c85f8555b909b0adf289d92ed66b2eefe
SHA256

4313637de76fdd66d7980cc72e0b8e3a4dbb4818a725b5c08667855e122e246f
SHA512

96207f0fb05041a950f78a033cfa6bf8ef738bd95f5b87ed764ec034a0fc5229a66e88ee9901be761c05e31528afdf8c64e3fb4a8745c1eb36da723d998eb340
SSDEEP

3072:YWHYtJ6rHfgaToXdYsFZjmDoFtBL0xA70Klr67OI:YMoaToua67/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2800	msedge.exe
2800	msedge.exe
3248	msedge.exe
3248	msedge.exe
4804	identity_helper.exe
4804	identity_helper.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3248 wrote to memory of 748	3248	msedge.exe	82
PID 3248 wrote to memory of 748	3248	msedge.exe	82
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 424	3248	msedge.exe	83
PID 3248 wrote to memory of 2800	3248	msedge.exe	84
PID 3248 wrote to memory of 2800	3248	msedge.exe	84
PID 3248 wrote to memory of 2952	3248	msedge.exe	85
PID 3248 wrote to memory of 2952	3248	msedge.exe	85
PID 3248 wrote to memory of 2952	3248	msedge.exe	85
PID 3248 wrote to memory of 2952	3248	msedge.exe	85
PID 3248 wrote to memory of 2952	3248	msedge.exe	85
PID 3248 wrote to memory of 2952	3248	msedge.exe	85
PID 3248 wrote to memory of 2952	3248	msedge.exe	85
PID 3248 wrote to memory of 2952	3248	msedge.exe	85
PID 3248 wrote to memory of 2952	3248	msedge.exe	85
PID 3248 wrote to memory of 2952	3248	msedge.exe	85
PID 3248 wrote to memory of 2952	3248	msedge.exe	85
PID 3248 wrote to memory of 2952	3248	msedge.exe	85
PID 3248 wrote to memory of 2952	3248	msedge.exe	85
PID 3248 wrote to memory of 2952	3248	msedge.exe	85
PID 3248 wrote to memory of 2952	3248	msedge.exe	85
PID 3248 wrote to memory of 2952	3248	msedge.exe	85
PID 3248 wrote to memory of 2952	3248	msedge.exe	85
PID 3248 wrote to memory of 2952	3248	msedge.exe	85
PID 3248 wrote to memory of 2952	3248	msedge.exe	85
PID 3248 wrote to memory of 2952	3248	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eaccb0111e4513a52eb7640a171c1d4c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe72da46f8,0x7ffe72da4708,0x7ffe72da4718
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,18391004175900741206,11753739123167771108,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,18391004175900741206,11753739123167771108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,18391004175900741206,11753739123167771108,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18391004175900741206,11753739123167771108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18391004175900741206,11753739123167771108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18391004175900741206,11753739123167771108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18391004175900741206,11753739123167771108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2184 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,18391004175900741206,11753739123167771108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,18391004175900741206,11753739123167771108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18391004175900741206,11753739123167771108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18391004175900741206,11753739123167771108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18391004175900741206,11753739123167771108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18391004175900741206,11753739123167771108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,18391004175900741206,11753739123167771108,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
ff8ad94dcab2d73e41b3c4cdf888a595

SHA1
dfba2000509fa18da0d6f9663c787f3cc0536d77

SHA256
5c001babdcc33160cee8b6d26cabdae8f8c93bf175f9aa3363d0f70e077f939d

SHA512
d77fc29c1bf16739237ee372ff8652d03ea40795906f39b9ceb9db5eb97026fe97054a6afecd805ce6f5dec0308da877e5b4639998ef5d69cf795e7ea95d8837

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
4d6289b7bbb2d686bf9303e611d5514d

SHA1
e089c2d1572658f6c1b90ae4cd8785f492e5c0a9

SHA256
c62e846cb6d1cff4cd20674fb182ead9a6b9ea8040bd8cf757b1914d44369316

SHA512
58951d070492c8da0e4b76b5c0a78cffb6bc74737c45002e36ba2b3d2d5920c77c9dcc54f353a00a88553bdee543d060098de2f24b201296bd0d95fab71716fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6d1029694aaf5a1296e2be92356f99f9

SHA1
dc7b498b987541b71f6fecc774b8760f56ddccc1

SHA256
c9f884aff5a8ecacb74eb9aa6f0e257744f0b43b1db5bf58bea1ff33bc633e61

SHA512
ee00124fb9a07b0b30f88c90314678b21c61ebbe85c440110c7d80f6b418e58d4bc444e5fdb8ed8c6f01597301c46c60c1af46085c81240f9e6970d9c6585fb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2cfa119685182bb1142072c73e3267c6

SHA1
89f2a1130c99aadbf38a14c28298a0c6a915faef

SHA256
d2ae6cbda71a7a96e6cde21580cc4cbaf636403fec19f852be4e935cc699b199

SHA512
a95e3167aa4e7f892682ef439bd18905fc74cda0fa8c4b9d5ebc4ae77d33986ee72b82e1d13500bc8f431f6468a15f6ae0fde2257f93f9ccaf2352a1f2c617a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2f0f618e6dd14cfcec2dc954c6cc0cee

SHA1
4c7d77830091d433789a2910a34cf244a4785c40

SHA256
dc3533e122c0b91fc776535cc9182dbb572c7f2bc4cc1fbdcbc2dec879a2f552

SHA512
61450311c1b0ccd0f38d4463a34458d0a8fee40bccaa1b30ef31403efb278cf9670968a278a6453b0f4b0012eba7402395f2985d41a493514a348c69d2568a95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6d2fcca5c4514f2ec15423d8a3aff1d7

SHA1
a9db0577b0747d0d320a2a2d0bbb848f064009ad

SHA256
3f76473671b0d397047177cf7de61421bad8585f67e522968ddb1e67dbfd4a4c

SHA512
0627c5468aeed81fc8e1bf91e65479a8278b2782736b00f840017ea2af3dbbab63fb4a1410e636241d0bebf2c19d1b665645ba290a81df18ef7f84bfbfe54514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
396b6ad288d381b34d1106033f8c5c5f

SHA1
e74d06d2da63c92eaed8a9138db64a5d2c00b7d1

SHA256
12396302971a2406482f526cddb65e83995916db8547d2b451bf882b55863610

SHA512
84f8c6321ce398632cbde930e0ef0614739030e1cb4f01cfbcbb70ab41929a648111ecc23cefc5cbb31147846c53eac47367a5873d222a874dcf6036930bba1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6b3e28fbd338a61a2730a73a4621a705

SHA1
953d9395aed0c8e1a4d6433f410c69e2d73d1f09

SHA256
fd69f7209a8e51c274a73d0c35dc80e79eeb59dce7715d251e0968197d1a04e4

SHA512
87e8ed67fed1c4413ca04b63484ccbccfa6e69cc74896b49abf415afa2aee66f65a643c512cf7005a8eded90401a44bfa4c0e3b36a02c59fe213647e9bd5c73c

Download Submit