325f106480439b0a5d701afd1920e0012ab5e4dedfc1cfccf012351efab9407f

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c01c0e79f4a06997a728287062d7c45_JaffaCakes118.html
Size

83KB
MD5

2c01c0e79f4a06997a728287062d7c45
SHA1

12de0233d5fbbb2c9cbaeb8d6799cdd0bfbc540d
SHA256

325f106480439b0a5d701afd1920e0012ab5e4dedfc1cfccf012351efab9407f
SHA512

46c5b47e0be1e39ba30e25782b923e5eefa47e2a97fb44a46d6604dad7cfa138d25e4cc1845e58f34555a26f1448526922f6c43f4d593852ac3aca08420da5d4
SSDEEP

768:KX8Jrpje0moSn3CmH0kcTCIhP2XLOhzXipkv169t/4IGaZI7IYwgiNg8xhlv2/D/:Kipje0jN5rP2XLOwBge5lv2D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
880	msedge.exe
880	msedge.exe
1156	msedge.exe
1156	msedge.exe
224	identity_helper.exe
224	identity_helper.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 3384	1156	msedge.exe	81
PID 1156 wrote to memory of 3384	1156	msedge.exe	81
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 1840	1156	msedge.exe	82
PID 1156 wrote to memory of 880	1156	msedge.exe	83
PID 1156 wrote to memory of 880	1156	msedge.exe	83
PID 1156 wrote to memory of 1476	1156	msedge.exe	84
PID 1156 wrote to memory of 1476	1156	msedge.exe	84
PID 1156 wrote to memory of 1476	1156	msedge.exe	84
PID 1156 wrote to memory of 1476	1156	msedge.exe	84
PID 1156 wrote to memory of 1476	1156	msedge.exe	84
PID 1156 wrote to memory of 1476	1156	msedge.exe	84
PID 1156 wrote to memory of 1476	1156	msedge.exe	84
PID 1156 wrote to memory of 1476	1156	msedge.exe	84
PID 1156 wrote to memory of 1476	1156	msedge.exe	84
PID 1156 wrote to memory of 1476	1156	msedge.exe	84
PID 1156 wrote to memory of 1476	1156	msedge.exe	84
PID 1156 wrote to memory of 1476	1156	msedge.exe	84
PID 1156 wrote to memory of 1476	1156	msedge.exe	84
PID 1156 wrote to memory of 1476	1156	msedge.exe	84
PID 1156 wrote to memory of 1476	1156	msedge.exe	84
PID 1156 wrote to memory of 1476	1156	msedge.exe	84
PID 1156 wrote to memory of 1476	1156	msedge.exe	84
PID 1156 wrote to memory of 1476	1156	msedge.exe	84
PID 1156 wrote to memory of 1476	1156	msedge.exe	84
PID 1156 wrote to memory of 1476	1156	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2c01c0e79f4a06997a728287062d7c45_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff85d2746f8,0x7ff85d274708,0x7ff85d274718
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,10243586310936374549,13008395362957983169,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2292 /prefetch:2
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,10243586310936374549,13008395362957983169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,10243586310936374549,13008395362957983169,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,10243586310936374549,13008395362957983169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,10243586310936374549,13008395362957983169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,10243586310936374549,13008395362957983169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,10243586310936374549,13008395362957983169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,10243586310936374549,13008395362957983169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,10243586310936374549,13008395362957983169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6980 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,10243586310936374549,13008395362957983169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,10243586310936374549,13008395362957983169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,10243586310936374549,13008395362957983169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,10243586310936374549,13008395362957983169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,10243586310936374549,13008395362957983169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,10243586310936374549,13008395362957983169,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6636 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
20KB

MD5
397383c90a2d930f866f405747e27466

SHA1
7bb6b5d6cee104c877dc5c3462f61232ffe5b360

SHA256
a67db01d19e15d8fa76e5a075e336e195325d79d277a83aadb6a440acf887c47

SHA512
4357eddc0581e3cd6209646540bf59756cb4035d7dba47d5cb6b0050e6c202bda65721d4e9d644f37e3cd105bc5fa240574cfa96649f01e2769b796b523e08aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
cd49301e6841ab2aad23de713a38f3b2

SHA1
7eab28bc134d678ae903dd222ecfc9a1dff6bfee

SHA256
d67352047658f484c7009cdb80a4398a9a33362f0c9d458ec7985526f248847d

SHA512
e6d2577e6944faafeb14c5653ab5972667726583acdc084b035e9a1181274633b6443b579d26949f7bffbaad1db83949b6f8fe5d5229dc18107b157c9522f15e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d25253cec73337e8b074a7c042c9f838

SHA1
49b358153c2e9d1b49995fffc850ae63d1769aa7

SHA256
23dc6247e2438a9223b8de217cd38c337944d8e3d7344d8b501ed801cda9db41

SHA512
76495b2f997747827e7d0a3d1ff0bc4b79fdc74f0d31c37622bcbba38379a4de307e4f7999a6e10705004f451e1fdcd2515c1fc8b9af966a2658a10c696e2f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
20c12fcd9c7e7fca9ca91d8643bb715c

SHA1
ab0badc27b70578a2c390795e45f469f7016a65e

SHA256
1ce2dbc940a7617d308f2f83fa53b2cc17418718b9f984feeb7d0272dd96b804

SHA512
96be9b81fcb508563820d24848852f20dbf8b55c89c2f826e310653112d4bca2afc3d02a759b867050aa63c46c82a74de4a0c72bcbb176215542f4c6d4e94daf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9af658e2a6a20f39915db4ab4573ad85

SHA1
93d6da338f7588db89b103a5ceee0bb480fd83f6

SHA256
1fbd03ad7b11bfed44107f3d286f8084ab909a675e76ce2e95887b3f8eb4b640

SHA512
fcc6355f5fdf46a240183e26d8d7b84285c85e4fe6e6369ef3c410efa9fb72411e4dc1d25e9e1487736a332491b1413c232785ce2291663f466e439978717b02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b59ff768c95cd5cfa3495609042c725c

SHA1
750a53f128b073e922e0e85fc00c4b73a9ce87d8

SHA256
34bd6fac0d936e608f9cdab20549007c3731dd71a112e4c39c64a986d94ab236

SHA512
75d8919d119fb70e23676be7b0ebc10a4ba5cc2dc759acf0b3d3eb89310a96fbfee0142f18b1154abcf853bc4f0228148e979ae9b37c42ffe8e78301ab8e9042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
34a67603fae5c3a42247c94bfa25d40d

SHA1
50b330d1231b86ab6e4e85399928d69696eb4e91

SHA256
6154efa96c8e59fdca8105acb6df0aec05ac4d85e96727d4b86f2c7bdb08dcd2

SHA512
9b5efd80ecf98910b4a625fae70f278508a12ec86bfbaccf11860e3991c7cf9edf7776b093947a185ab4d0005d1b764741609ab7d708777c94f3bcb65b4bcc40

Download Submit