8939abad4b2372b87d17c5b27077ab753597539feea6556b07380ae36c721bea

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21eafa7fcf1f4e3cac17b2a51bfb2955_JaffaCakes118.html
Size

100KB
MD5

21eafa7fcf1f4e3cac17b2a51bfb2955
SHA1

a661f86f7d6a9068bb34b1455589a17d7cec5016
SHA256

8939abad4b2372b87d17c5b27077ab753597539feea6556b07380ae36c721bea
SHA512

57550f1de3de1a8b850a1a2dbd02a98c4ee7d98dd3ce216a2e0bfd5b52b68838aa1c3cdc8c2561897f8ee523f5c70598e3932c18bfd32f517921675945161a6a
SSDEEP

1536:u2qgT1jOjyxPmvDM49pS5J73RbMF4wtTtsoEInDA7CrhFC+lIql4KxaSm0W:VxPmvDMwov3RbIttsJ0C+lnxy

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3228	msedge.exe
3228	msedge.exe
4596	msedge.exe
4596	msedge.exe
1208	identity_helper.exe
1208	identity_helper.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4596 wrote to memory of 1004	4596	msedge.exe	85
PID 4596 wrote to memory of 1004	4596	msedge.exe	85
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 2948	4596	msedge.exe	86
PID 4596 wrote to memory of 3228	4596	msedge.exe	87
PID 4596 wrote to memory of 3228	4596	msedge.exe	87
PID 4596 wrote to memory of 3516	4596	msedge.exe	88
PID 4596 wrote to memory of 3516	4596	msedge.exe	88
PID 4596 wrote to memory of 3516	4596	msedge.exe	88
PID 4596 wrote to memory of 3516	4596	msedge.exe	88
PID 4596 wrote to memory of 3516	4596	msedge.exe	88
PID 4596 wrote to memory of 3516	4596	msedge.exe	88
PID 4596 wrote to memory of 3516	4596	msedge.exe	88
PID 4596 wrote to memory of 3516	4596	msedge.exe	88
PID 4596 wrote to memory of 3516	4596	msedge.exe	88
PID 4596 wrote to memory of 3516	4596	msedge.exe	88
PID 4596 wrote to memory of 3516	4596	msedge.exe	88
PID 4596 wrote to memory of 3516	4596	msedge.exe	88
PID 4596 wrote to memory of 3516	4596	msedge.exe	88
PID 4596 wrote to memory of 3516	4596	msedge.exe	88
PID 4596 wrote to memory of 3516	4596	msedge.exe	88
PID 4596 wrote to memory of 3516	4596	msedge.exe	88
PID 4596 wrote to memory of 3516	4596	msedge.exe	88
PID 4596 wrote to memory of 3516	4596	msedge.exe	88
PID 4596 wrote to memory of 3516	4596	msedge.exe	88
PID 4596 wrote to memory of 3516	4596	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\21eafa7fcf1f4e3cac17b2a51bfb2955_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a92546f8,0x7ff9a9254708,0x7ff9a9254718
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,16369958531030014225,607312512148187812,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,16369958531030014225,607312512148187812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,16369958531030014225,607312512148187812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16369958531030014225,607312512148187812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16369958531030014225,607312512148187812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16369958531030014225,607312512148187812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16369958531030014225,607312512148187812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16369958531030014225,607312512148187812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16369958531030014225,607312512148187812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,16369958531030014225,607312512148187812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6792 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,16369958531030014225,607312512148187812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6792 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16369958531030014225,607312512148187812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16369958531030014225,607312512148187812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16369958531030014225,607312512148187812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1772 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16369958531030014225,607312512148187812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,16369958531030014225,607312512148187812,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7064 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dbac49e66219979194c79f1cf1cb3dd1

SHA1
4ef87804a04d51ae1fac358f92382548b27f62f2

SHA256
f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562

SHA512
bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9e55f5864d6e2afd2fd84e25a3bc228

SHA1
a5efcff9e3df6252c7fe8535d505235f82aab276

SHA256
0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452

SHA512
12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
2cfe33deeec4812bb6854e9f0ceec452

SHA1
b89e23fa293acd6843173cc076362e68d30555c4

SHA256
ade0aad40119fbab8d44b1bad6604a035936ac4ab0cd1ef5768591dbaa9e3aaf

SHA512
a2a6f175e159c0f07ba9db35f5c50608f655b1b6e770426206783be66c0208eabf23afcccfd80c556bb64d465b9c4006274ea0bcd4e43b5253d9711a0116c385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
833c8814c35eda4bb10b011a604cb02a

SHA1
abb26b3f2c523c79ce720dde111b9e9a62494d9a

SHA256
48697f7a8ecc9ccee9c227e681989ad1e3be99b7f4e17b4b8607e01517311110

SHA512
998b9c030c7be3f6442a26e525975ddc30417fb502e72f302cfc4dedbbf050351a043e5cd4aa8b25a62ec8667dda6b36a4c673b954484580d71adaec0a490ae4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f6ad83aefbfefb513ce16f98302e0bbe

SHA1
d858b4b8d82299483acbc9a5e17fb52c8fb7c603

SHA256
20ad6465c2f35ea825d0fad3dbe4f23505a6ff53d1cd2d9b7d769e1f5f456fca

SHA512
fcec77075bba2bf3ae97f4134629989ed47051d4a7538f8918e345f2c34e2840b3dc2a82294d29e8dbfe5660e833aa249e501dd7d580dbc7c08b2f73a69b5567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
33ccf6adf04071fbbabb8a0cd2ea23d6

SHA1
6164d2d239ba73e07683b2f25c03d94b2e7412df

SHA256
869ee81d945492e5f387df1fea5da816c82e2eb8c37545a4e8972736e10273dd

SHA512
3001cedcc57d99cee279882ca02276b8f0e54f8baf363a86dfa10e97958e36a9767416e59108239ef0dc6e7dfa3e5d87d17f731954410af79e710161bfa354bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
19a7b8071052adac1d5ab273e7ecd9c1

SHA1
a37da5e33326dde008b23d9cbc6b532439b2829f

SHA256
f8a8eb560b306e71a804f43bd5b5ae2b15c2fe2f58cd43778c27145b695fe565

SHA512
9da803dad5e56b9b8d6689f10dda058c06a83aaf229cec9b4aefe4ad047b404d8373bcad584ec233ea6d7cd0e75f81fad504c68b6bceefb5ed28143ed0c71964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9b77375324f3350add2ee843a35cfb92

SHA1
322ebd289461ab2368918be7d28211d01e8b2e7e

SHA256
c8e42779593810d03cc883c12aca55fb6cb82a534f724ae8e222e2e72808402d

SHA512
29b15ca9bca1713a76a4fa05e24595c23da5ea90b8e5977d8fb273a29e29176067d39bd86e798f84705f7c78b8b1196becabc34433d2b6af1eac7cf4b255f189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
727edfeb09fa1225e7372fd33958d786

SHA1
95da8df842b38eb915d8a1ce71a3277284cb172e

SHA256
bae35dd651efdb4914a79e435ec030e2e3e702651f8a5c10aadb6408f0134346

SHA512
d0bd3881dd1cfc46c5218022280ca8332937bd1093c92dbc2dc3236c659d17d4d7a9a5c18a1142a7d73bf03503133f41f2f2a6096eef841d8995794cac1d6d5e

Download Submit