542a9df7604a6b597f73bd6e5b76d7664cebaa500227801fadbd7cceb5db12bc

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 03:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1163965636f7ac0a0c9644c5cc6d8668_JaffaCakes118.html
Size

61KB
MD5

1163965636f7ac0a0c9644c5cc6d8668
SHA1

bf8455e33ac09af4c9b6504217268e6c0f57ec30
SHA256

542a9df7604a6b597f73bd6e5b76d7664cebaa500227801fadbd7cceb5db12bc
SHA512

071e5d1ff3ea8797f5d26f5faf570995002617cefdf86d288d554433c1c92a72e29f34afb129ec9c1f031dae6754db34d0a7b798d05766c90000a3b54ccbd1c1
SSDEEP

1536:J5Tsfm03qo4mEF0JtnvzAqVqFodsBKqU5sfxutPe6cm6+jxGDQbr:Jhsfm03qo4msuvB5lPFcR6GDQbr

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2320	msedge.exe
2320	msedge.exe
4624	msedge.exe
4624	msedge.exe
4588	identity_helper.exe
4588	identity_helper.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4624 wrote to memory of 1568	4624	msedge.exe	84
PID 4624 wrote to memory of 1568	4624	msedge.exe	84
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 4996	4624	msedge.exe	85
PID 4624 wrote to memory of 2320	4624	msedge.exe	86
PID 4624 wrote to memory of 2320	4624	msedge.exe	86
PID 4624 wrote to memory of 2380	4624	msedge.exe	87
PID 4624 wrote to memory of 2380	4624	msedge.exe	87
PID 4624 wrote to memory of 2380	4624	msedge.exe	87
PID 4624 wrote to memory of 2380	4624	msedge.exe	87
PID 4624 wrote to memory of 2380	4624	msedge.exe	87
PID 4624 wrote to memory of 2380	4624	msedge.exe	87
PID 4624 wrote to memory of 2380	4624	msedge.exe	87
PID 4624 wrote to memory of 2380	4624	msedge.exe	87
PID 4624 wrote to memory of 2380	4624	msedge.exe	87
PID 4624 wrote to memory of 2380	4624	msedge.exe	87
PID 4624 wrote to memory of 2380	4624	msedge.exe	87
PID 4624 wrote to memory of 2380	4624	msedge.exe	87
PID 4624 wrote to memory of 2380	4624	msedge.exe	87
PID 4624 wrote to memory of 2380	4624	msedge.exe	87
PID 4624 wrote to memory of 2380	4624	msedge.exe	87
PID 4624 wrote to memory of 2380	4624	msedge.exe	87
PID 4624 wrote to memory of 2380	4624	msedge.exe	87
PID 4624 wrote to memory of 2380	4624	msedge.exe	87
PID 4624 wrote to memory of 2380	4624	msedge.exe	87
PID 4624 wrote to memory of 2380	4624	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1163965636f7ac0a0c9644c5cc6d8668_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8130f46f8,0x7ff8130f4708,0x7ff8130f4718
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4253224461522998844,2712839474782174429,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,4253224461522998844,2712839474782174429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,4253224461522998844,2712839474782174429,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4253224461522998844,2712839474782174429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4253224461522998844,2712839474782174429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4253224461522998844,2712839474782174429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4253224461522998844,2712839474782174429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,4253224461522998844,2712839474782174429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,4253224461522998844,2712839474782174429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4253224461522998844,2712839474782174429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4253224461522998844,2712839474782174429,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4253224461522998844,2712839474782174429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4253224461522998844,2712839474782174429,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4253224461522998844,2712839474782174429,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a70f1bd4da893a67660d6432970788d

SHA1
ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

SHA256
c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

SHA512
26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbe1ce4d182aaffb80de94263be1dd35

SHA1
bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

SHA256
0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

SHA512
3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
fb0ab2aca3c2850c5400496dac4cedde

SHA1
96d2910548646ae51cc67af8a9b384cb36e9aded

SHA256
eac8a4b835de4fbcbc678d863812ee17e256b17ad520be7d15bb377a1ae4f1ad

SHA512
13efee3549649bd467c7cc61c317d78cf9724537013add3278bdaa2f4eb40490edec0a738e75cc881a49f8de2fc6ca1e7280ee5e40edccd2438cb52c0495dc5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
6a7d79d3043ab828872b1056a05c9b01

SHA1
07604f51e3e27c116f63ce86bc2dbaa653e3f5d2

SHA256
faaccddf89d48f0d1b9a1b909223299292828338bd773a777b20ea4f06a0c5d3

SHA512
4b91794f4299bf4eac6a1d025c850e6b0ff7074d8d4f163b66ffa15e34a4adb6c8db4216194d4832adda1c796bb3e57bc8cd5292f46da3888cb66d6aee73bec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
03cd8a7e747c763cef4185b4ec9fbf29

SHA1
7d485acc00b490f62e8c125a7e15bf04a5dccbc0

SHA256
19cb757d3e41d970ad28fc7b781cd7489ec3f6a2237a0d494783368cf7073420

SHA512
21e885428f9cb937e861643b90af5ec23c08d53edd37e07cef033e52412a4ef65fc1a36901d26e59a7984df5766356502cc8dc6ab12e4fdfca37298f6ff96c3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b5f5587a77a6da56c3ff143e98b0328a

SHA1
0c64c3f1cb978faa02a36ffdb42cacbe0af3760d

SHA256
c33be34c781079ccc1782e69d780affad408b2eed70cda54cf30a98bae8f7e68

SHA512
031705fd98ff000b0795959f07391b64214b16c7bd755ece920d4c985bda78ab0d3776561d8b97312f7e8da767f9bd77baa8500957ecd0919dc3ad8576992191

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
967399bd0f638063e1432da850bc5595

SHA1
f7b4728e755ff9d5be6aeeab63daab293329ae1d

SHA256
76e6d80c798c3e83a99039dcca283e78f0d4d616737b31e53c8bf5577aba5ce5

SHA512
ad0dd85412a901bc41eae5b13b884fa3edded500fe8d1eb73547014a97f8fe2250a4758e037398587ff1238a2bc93af21eac224dd9c074eeb63e1b6948298ff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
049f3cd8b990f9733c0474d3a3641b39

SHA1
f8407094d887de68d3f94829eed3447221b78917

SHA256
e8f6f2cff54899749d19440c52da8bf2878d0303123c5d73ea81322c52a88ab3

SHA512
e36b83c1b2c1cd9172b5c302331e84314e67a7b8ce945de0f954e9a66d88c9f58c284d872d214b3a473fad7ab86e34ffea6890e87efa648276c0a70395757022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
79c6c8a8aa0fbd3d398ce865d4cfd1ea

SHA1
d27d743ea1d259b0b165f7caed16c584c95e6993

SHA256
93cdc15b4e13a2b26ef09ba25aa08d40466160bc837efc5367b90639dd58e9fb

SHA512
f751327d31c33c99ad5b0bb86f7fde05965534a85042aa32f286ddc0757934211f72b362569bf60c2c5d5366e8c5ad873ca1b2679ddf97fa5c7e68fc4dc849ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9423fad89f6471d99fb106a05663e568

SHA1
a5d8c95f42bcb4b6b21503275f6840e0b526cded

SHA256
29f9c54364beafd09b59f127a7aa7da8a46a2c0b2ca11fdf31f4762fe95b3ffc

SHA512
458c5deefebd8790a2d71dc693e5507ec581b7b4f48653244f64bd040871ec55552165449a48e194777679dcca562f052ae60f8c289001d12acf37f7a333a24a

Download Submit