a432ad41c5226ed3086dd86428f76e898d0df19f39002e3d1e4137f0da8f1d80

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 03:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f514f5e076c2ac2d76125da572760930_JaffaCakes118.html
Size

42KB
MD5

f514f5e076c2ac2d76125da572760930
SHA1

73eeb1838933ce4479c8b2a7411b165f99492f68
SHA256

a432ad41c5226ed3086dd86428f76e898d0df19f39002e3d1e4137f0da8f1d80
SHA512

2bad25ed0432886db749487eff9ead6e46da83b24c9c99dd0f4215ba470ed9e32776369225b66b1018487ae2ef9179e41723730ce0152ccbd0e3aa0a52a055ed
SSDEEP

768:r8EegAZyzIfap002POP/1PjWZlupVAGN08Wfg9wbxbvfbv6DucYVucpu4XRPKCkE:r8EegskOa/B8yVja8WrbxbXbCwzzdmJm

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5040	msedge.exe
5040	msedge.exe
3900	msedge.exe
3900	msedge.exe
2308	identity_helper.exe
2308	identity_helper.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3900 wrote to memory of 3016	3900	msedge.exe	82
PID 3900 wrote to memory of 3016	3900	msedge.exe	82
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 5040	3900	msedge.exe	84
PID 3900 wrote to memory of 5040	3900	msedge.exe	84
PID 3900 wrote to memory of 1648	3900	msedge.exe	85
PID 3900 wrote to memory of 1648	3900	msedge.exe	85
PID 3900 wrote to memory of 1648	3900	msedge.exe	85
PID 3900 wrote to memory of 1648	3900	msedge.exe	85
PID 3900 wrote to memory of 1648	3900	msedge.exe	85
PID 3900 wrote to memory of 1648	3900	msedge.exe	85
PID 3900 wrote to memory of 1648	3900	msedge.exe	85
PID 3900 wrote to memory of 1648	3900	msedge.exe	85
PID 3900 wrote to memory of 1648	3900	msedge.exe	85
PID 3900 wrote to memory of 1648	3900	msedge.exe	85
PID 3900 wrote to memory of 1648	3900	msedge.exe	85
PID 3900 wrote to memory of 1648	3900	msedge.exe	85
PID 3900 wrote to memory of 1648	3900	msedge.exe	85
PID 3900 wrote to memory of 1648	3900	msedge.exe	85
PID 3900 wrote to memory of 1648	3900	msedge.exe	85
PID 3900 wrote to memory of 1648	3900	msedge.exe	85
PID 3900 wrote to memory of 1648	3900	msedge.exe	85
PID 3900 wrote to memory of 1648	3900	msedge.exe	85
PID 3900 wrote to memory of 1648	3900	msedge.exe	85
PID 3900 wrote to memory of 1648	3900	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f514f5e076c2ac2d76125da572760930_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff904ef46f8,0x7ff904ef4708,0x7ff904ef4718
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,18176705107820546352,5174395761493849740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,18176705107820546352,5174395761493849740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,18176705107820546352,5174395761493849740,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18176705107820546352,5174395761493849740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18176705107820546352,5174395761493849740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18176705107820546352,5174395761493849740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18176705107820546352,5174395761493849740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18176705107820546352,5174395761493849740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18176705107820546352,5174395761493849740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,18176705107820546352,5174395761493849740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,18176705107820546352,5174395761493849740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18176705107820546352,5174395761493849740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18176705107820546352,5174395761493849740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18176705107820546352,5174395761493849740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18176705107820546352,5174395761493849740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,18176705107820546352,5174395761493849740,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
7757aa5881d32607fd85202f9d81b7e1

SHA1
bed5c9fc5d9afea3b745694fdf516a52402c5506

SHA256
95caf799059e22da14ec889aba1ce96e557736cf683eccd3de634469c10aba24

SHA512
899cc09c6dd5c34e83f1f7746d066b4026a278b825aee8769f829a3e413340697a9eaef1d370848aed8ac5f42516f12cff5487b160e995d0a1e21af48abc21d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
894B

MD5
6607cadec3e3875d0e32a5bfcd774a24

SHA1
ec14d01fd693547b96688bc65900479b2b7c721b

SHA256
ced3da136ff8bb3e11249d3d792eed3ddf537e9addfc444c93b5207f57850cca

SHA512
5c1ec2fa0a8d598b7dee7d7d3de4e426da7f857b5ba2c23af97f5544cb40b60f483db0ebf746548bcf59e357d1de000f0d8b5135a70e44c1fe418a9158c3457c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0e48c987d7ea5b14f966928e2090d20b

SHA1
ddfdf9429404ca83633340fe4dc20ad03e1b9080

SHA256
8c0c49612762a0eb45cb5863140a3d56e2316b150570b425d69cf4288b204ac1

SHA512
25aeec140ae9354c0015c2e91ae6e164ca1f155d592d2075f7015994222298be9d390bf6c8b87a3caaf8df8412d582cc78e0688ccf75c755f035663525288067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8a4e023d6ea0e48ea75582af1f2bfd15

SHA1
1c2e73dd76f8b531fe5f6e4d4ef9d03be406a603

SHA256
06dd28ed47a27a8cce225eaaf2fe19d3ea7b2700d6312182f617efebb688d261

SHA512
ffaf8269adecc7aeb20f8e82b7d5ea15c8a4d0d13fa176ad53fbcaf64b27dc90692e265950b614f3bddaab8e2615a6d628b20c138dd98c24913ebca618ad0f9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c9ad19fca076e27ffee3b9253fd340dd

SHA1
6e1553c24869af9d37863f8a1a1681afd90fa0bf

SHA256
054ad3e651b2aad26e6bde96a88e08dabde1b947369fb53f9c265d01ed3deea9

SHA512
c002746f788c3968aed4730c57d69068ea618da9d349961bd0f5f51c6cd512dbbf928ca20b37a30a94b028e62b0906b24ab77b33ac8d0ef8363e63926e851b9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
761fec99d29b16d8fa50d700c75af91c

SHA1
4a9dbcef27eb0e83003b021dc34fcb7082cc9f21

SHA256
2dc098596049024bc35c58744913897ad572314efad8e5f1a0fcf330b6c3e51c

SHA512
ca85dd9aaca8b4c9fef6f3492b8db8b619033871d42430e0c7dc79b6f9e0b4c7a676fc66afe4d83d351926b5f050d244efc9b9588cf82cfd48480d3a8ab77064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fe1e55d34f41a1e32f52416d676c7bfe

SHA1
d91b820ee92b8aadc38344f2c722c2ef1ed5cdcd

SHA256
6c95c7dd290b7b7824b0121cec76c30784d80266f9636c3fbd133bbe69db3123

SHA512
ecc05884badcdc8268eef41115151782c34b7c8e927d53278fefcd43cdbd33ac1d178389c585bc20539a32a163b0fc2a10fbce7dd216c796ea546e2dc7c95721

Download Submit