91816d65c14292d8203d6c5937837903d15aa9dc18cfe361cea78cf8ffcbc817

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30-04-2024 02:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08dc18daf5887e0d69956f7fea1d8107_JaffaCakes118.html
Size

90KB
MD5

08dc18daf5887e0d69956f7fea1d8107
SHA1

07d31df829eba90240c024ddc995c8f2f6c85950
SHA256

91816d65c14292d8203d6c5937837903d15aa9dc18cfe361cea78cf8ffcbc817
SHA512

6ed97ddd04204e4fac03df570d90da75246a331bf160890091cec5381dfc70c18a2c11b6280b1de63a1aa1808785375659e966485931d9bfac24ae4c0b729858
SSDEEP

1536:QgUkclpyJ4bFeDE4uYcrLLHNY4CsLEw5Q2MaHH4OFJTz6PmE1qCg:QgUkcloOLHNY4Fb3FVz6PmE1qCg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4084	msedge.exe
4084	msedge.exe
4644	msedge.exe
4644	msedge.exe
900	identity_helper.exe
900	identity_helper.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4644 wrote to memory of 3484	4644	msedge.exe	81
PID 4644 wrote to memory of 3484	4644	msedge.exe	81
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 2852	4644	msedge.exe	82
PID 4644 wrote to memory of 4084	4644	msedge.exe	83
PID 4644 wrote to memory of 4084	4644	msedge.exe	83
PID 4644 wrote to memory of 4712	4644	msedge.exe	84
PID 4644 wrote to memory of 4712	4644	msedge.exe	84
PID 4644 wrote to memory of 4712	4644	msedge.exe	84
PID 4644 wrote to memory of 4712	4644	msedge.exe	84
PID 4644 wrote to memory of 4712	4644	msedge.exe	84
PID 4644 wrote to memory of 4712	4644	msedge.exe	84
PID 4644 wrote to memory of 4712	4644	msedge.exe	84
PID 4644 wrote to memory of 4712	4644	msedge.exe	84
PID 4644 wrote to memory of 4712	4644	msedge.exe	84
PID 4644 wrote to memory of 4712	4644	msedge.exe	84
PID 4644 wrote to memory of 4712	4644	msedge.exe	84
PID 4644 wrote to memory of 4712	4644	msedge.exe	84
PID 4644 wrote to memory of 4712	4644	msedge.exe	84
PID 4644 wrote to memory of 4712	4644	msedge.exe	84
PID 4644 wrote to memory of 4712	4644	msedge.exe	84
PID 4644 wrote to memory of 4712	4644	msedge.exe	84
PID 4644 wrote to memory of 4712	4644	msedge.exe	84
PID 4644 wrote to memory of 4712	4644	msedge.exe	84
PID 4644 wrote to memory of 4712	4644	msedge.exe	84
PID 4644 wrote to memory of 4712	4644	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\08dc18daf5887e0d69956f7fea1d8107_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff561b46f8,0x7fff561b4708,0x7fff561b4718
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16534406356133094150,6664468108398180323,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,16534406356133094150,6664468108398180323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,16534406356133094150,6664468108398180323,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16534406356133094150,6664468108398180323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16534406356133094150,6664468108398180323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16534406356133094150,6664468108398180323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16534406356133094150,6664468108398180323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,16534406356133094150,6664468108398180323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,16534406356133094150,6664468108398180323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16534406356133094150,6664468108398180323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16534406356133094150,6664468108398180323,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16534406356133094150,6664468108398180323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16534406356133094150,6664468108398180323,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16534406356133094150,6664468108398180323,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
f5317ebd936b9312df9e4ad23fb32168

SHA1
01bbc3844d4b02749207fdf0e5cec85ae2235f24

SHA256
ca179e3112b6a8a123b427fb0fe89b63918f604f0757e3795307f54a87338567

SHA512
37d0a6ab7490f371324e95eec76d38f4f4f0a1c6733680de404ccb6012b9977f5712972ba80b74aa01b2b37c3b000ad656178cad4abf2fe8d74ac6b136ef5c20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
fa5a414561f3edc3e67b2a10d056b77b

SHA1
4d959f0cb898d7d10fe47681a732aeb7e366622c

SHA256
4181d6a66e1d2a4141b87fec62bfa35f63dab00c92445f8018f1d04032e4c24b

SHA512
c1307d9822d39179f28cfab6d6f319af34629d2875c1bf3432703a4b80eb773126b3c507d54803f55bb4d4cd643e4a3f72b25fe710da3b02e8ba9e0a1c1dbe99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e37604bac35e192e4436c1355753baac

SHA1
6ed7c83ea33ae50107230168d9b3435cfc65e6d3

SHA256
3437467b2d87ec7a58ed7bfb1a82133f8e01dc9e972ee55c1f6e4baed04dccea

SHA512
193107a032e951133ccf6d6b10891f96e8e54fd7afd1d40ccc10ee9a5db9b13573c762419e23244d275fc6a5f034461a4afa651c271fea7a0e337608d0611993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8ba373d3039d462b35164a7c53f6271

SHA1
828a8c2879fada7f1a21d0bef92f2e052c6ac0f4

SHA256
0a4bd066a164ba8cbd0bb1b8ea98dba592750d6a3aa86ea7a080ae94bdfd10c6

SHA512
2998a117b02b1ad04d750181e49d5baa2d7d2100c6992a24d9420ed615a3537dc94143c41d8347a6788a949315077945719b75dd574c2dca4d3d2ef9dcf8cdb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bb98ee4a9cc0bdce1893c6dca8fda67d

SHA1
21c2d8ddf3e33af008c96329f2f884fc36b27bd2

SHA256
4b5bccd2bf49af7ea9fe24d8e658ebcf258f7d4b0e9b64e6a0d09b8410a81f5a

SHA512
d6445e633ea23d746291465e2442b2095f65f8a6fa42c5dc7b45d25a0c99efbdee93e0389b1c6c0cfeac9928b007d5b7ae92f54522dc845790d489103ecaaea6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c874f19820b528c0b5a73cd6a22ecf4a

SHA1
7b1e6193c92b50385881e3461f8dcca88cbd83ca

SHA256
92c39a7b6030189b8b91936e23b735dfa422308a51df0a57715313b6e601451c

SHA512
623175adf237b1365b5a8b98038d30aeb9d5382785da492e9c488ac820632deff88937fe42dff21d73cb75adc60ea2610669b207a2910a82774a2b83b95264be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
52c740a6aa6c4e8fa214488544abd630

SHA1
fd0c89e1ff2ba7d1ec0f86d802b91b2072a3f145

SHA256
6b6588fbb708fe804c941ea6486196bd2d1ccca2e41f501c001ef95af29346fa

SHA512
ef03bfffd366653e3bd45438ed54b22fa8b384a1b4ad01c927673a3d9ad0dc1923da8e42f37737d3f1835335941b0788dc3d255899b9c0bd1012bfb34ff237f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
33ba239c47e29603cc853f30bf2d5436

SHA1
be9085dda9f9db9b955fd7942b4e77edc3bef859

SHA256
086fe0130479d88c90b1f971f9f8b35a5b1b6485517ac24af8e145080b6b4c8a

SHA512
56b40402b2a7e7b09855025f94469938e3ba4d0b0dde36fb7bf167cb684f3b9107123e7e6c637ba9bb265603492fd9a73acb6e3694ddbec52623cf547ec9fd23

Download Submit