84872f2ab3e03074e5f62b5f7424c83035783845780db6018a38d08bf4a0f571

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/12/2024, 22:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e89703007362470e63372631ca381961_JaffaCakes118.html
Size

387KB
MD5

e89703007362470e63372631ca381961
SHA1

a31154605fedb6b54fdbae54b11bd4da669b04ce
SHA256

84872f2ab3e03074e5f62b5f7424c83035783845780db6018a38d08bf4a0f571
SHA512

f79860b1162709e4cb73ccbbbc942106988ad0c216233fbc9549679082d2f4402d2dc10d1d904443bd83327d4431593bac5ac542c5f0ccda5c7a974f8caecb90
SSDEEP

3072:n36HWv4hPhorpEQtW2fhOBDkATIWY7RkTPSHSeAJdM:qHWJrpBgFk7

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
436	msedge.exe
436	msedge.exe
4904	msedge.exe
4904	msedge.exe
1580	identity_helper.exe
1580	identity_helper.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4904 wrote to memory of 4768	4904	msedge.exe	82
PID 4904 wrote to memory of 4768	4904	msedge.exe	82
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 2240	4904	msedge.exe	83
PID 4904 wrote to memory of 436	4904	msedge.exe	84
PID 4904 wrote to memory of 436	4904	msedge.exe	84
PID 4904 wrote to memory of 3768	4904	msedge.exe	85
PID 4904 wrote to memory of 3768	4904	msedge.exe	85
PID 4904 wrote to memory of 3768	4904	msedge.exe	85
PID 4904 wrote to memory of 3768	4904	msedge.exe	85
PID 4904 wrote to memory of 3768	4904	msedge.exe	85
PID 4904 wrote to memory of 3768	4904	msedge.exe	85
PID 4904 wrote to memory of 3768	4904	msedge.exe	85
PID 4904 wrote to memory of 3768	4904	msedge.exe	85
PID 4904 wrote to memory of 3768	4904	msedge.exe	85
PID 4904 wrote to memory of 3768	4904	msedge.exe	85
PID 4904 wrote to memory of 3768	4904	msedge.exe	85
PID 4904 wrote to memory of 3768	4904	msedge.exe	85
PID 4904 wrote to memory of 3768	4904	msedge.exe	85
PID 4904 wrote to memory of 3768	4904	msedge.exe	85
PID 4904 wrote to memory of 3768	4904	msedge.exe	85
PID 4904 wrote to memory of 3768	4904	msedge.exe	85
PID 4904 wrote to memory of 3768	4904	msedge.exe	85
PID 4904 wrote to memory of 3768	4904	msedge.exe	85
PID 4904 wrote to memory of 3768	4904	msedge.exe	85
PID 4904 wrote to memory of 3768	4904	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e89703007362470e63372631ca381961_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbb3346f8,0x7ffbbb334708,0x7ffbbb334718
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6312 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
41KB

MD5
1da8deabd421929fa1a865599f43aad8

SHA1
88af7573c39022643333f85b523a329cb6448675

SHA256
07b01330c36ae322ea1f1e2ea70e60b629b292b3f7ee7aae5a9968dcf341e685

SHA512
0be3f8d02397c3cc32164b116c807115c42a310fd70c72c94b3b523732422ea2b222d8762e81d91ef0c36a8328df4f7ae8e4570c4bc46ab94cbed5131389ea3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
a2e98b0d28624e11ee97253f9ae999ca

SHA1
f21a2f6d3817fe5659cea808fbde041954b873b9

SHA256
3c56a0f33802bfc3ecc694c3ee2b9821d897d8c958daf23eaa6d9d584aeb997c

SHA512
3ace1cc5402dc5be5967a38a1f947afc74725d6ba00c85b7fb17eb780e6d8666887fb56333d088a91bd391f0aa9cdc63c0f94dd869ab2c1a9c1436eacd9dff5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
7736ab567725c827912b0d28f482d727

SHA1
5faf9539fb535f14e1279b57e620c6b4789c2a80

SHA256
37eeb4cd895eb5057601093e443552f9461405845ddede1e0d127dae388ab19e

SHA512
48fc7d22601a4e780630366257c8a5a434519d33135537264eff0b3930d47c630ea40f7d65f0ba2bf4d438b08082fecf7a8214528fa7fe330dbd9500054a6219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8336746044f3f9153224e9294e883f40

SHA1
8218e76fc7c2aa14282f3107a2859b75265c0b15

SHA256
747e96f00020cb4949df8ca8fef43842b5785da968f8bb10b2f5c3169bf48ccc

SHA512
a18417483e4ea10f7c12fcc9c3e125142044acc7980d50eb997bc966952c87010ab29b70cc85887d9a1b4cfd5f24aa40569a5948f67170081404328ec8ab262d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
74cc4b1dd9c2aabd31df86d0313c2799

SHA1
4507b8d62ff58779b6c272c613f178e59e9f6f0a

SHA256
3348fcb5fe2723ff5cf29d31f942be0d90d4d5efaef6ba8b8bfd9ab096b31cb9

SHA512
6a45c65738257f0ccb28efbd7bf4dd1d7b8573cf9912677fa9d94cdd3d0cbb1bf11f12584d3d5cfb046edd5cff659d20fc9d2f25c2428397ca8eec9a2d79f4c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a3d1475f96ed250b8e1d32938eeafb98

SHA1
c12c8c26cd44c7ead775add82a131574ab155a90

SHA256
dfe724abab8d46114da354420f19749f897bad458371f8ea705b757ebfcc1d7b

SHA512
be006cb7de73f158e34bf5caafffe111f04bfff3a87082bf8d539395152a0233cd0a6411892b344b5924de7ef4f48f38dd36bdfa1926b3c69546fafd8b019a21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4191f6bb4a81d0d2aba7957a1cfc4013

SHA1
d224da2706ff87b776c3435d77306c22574e5a53

SHA256
eb2f5806529aa665776103aab913fbc01abe3a407191f41bd132d534221a0ead

SHA512
c18eb7340f70e2e06a16826661af0120fa23939db8f03026bbb8f4e87ff5265cb268e4fd91968b4b4772db6a2f7b1918f7261335eb20dfb505dc2a868a3b0537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d603141a037e1693c67453753e364ba0

SHA1
ccda4ed60a8a82e3c16990e05479eba8f4792894

SHA256
7d6b31428562606ac30440e010fd8e541e1f5837990d0698ce82123522b67d49

SHA512
4337fb1444592187f1b19ff47e474d0872b602cf957f6e716a518a4c4309041344a89f15b5aaf1effef87a8b504b165d8e0f1f898192389e3e85816c5685f89f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f147beb92b0833016a47a4b8e080022d

SHA1
b436fb6322d1b355444f50cb3a3411fdf017719f

SHA256
89cfd23aa6871b9019bb5c5c74ba6a925f98af232c542f4e68079f25550f2779

SHA512
719e1ff339dce770f3121f24ebfd895467ff24d7fd36319a8af1e0292d77e1119fb4565af548b3986af29e7a78b68d1589197d72114f9cc83282ca4cd474acd1

Download Submit