7b3e884b27d81b909b40d01aee98eda39cb30a7fc6d120bade9c8aa9402cd3a2

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 23:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3d0eacbd6db0f4f5202484e652eafb1f_JaffaCakes118.html
Size

59KB
MD5

3d0eacbd6db0f4f5202484e652eafb1f
SHA1

c87584b50e79cd1c8908dca1e366dfdbfb01b638
SHA256

7b3e884b27d81b909b40d01aee98eda39cb30a7fc6d120bade9c8aa9402cd3a2
SHA512

b48241436fde8057572e67c83202eaebb6528f0d34191eb1257826c9e373f65d7a1dafef40c7cc92c2807db65cde82c3c67ba4f27039c67c5356719d3382a124
SSDEEP

1536:XFSk4hMZtwmHtDRHv7ob6OmOwgO1z1TCIJKMtX9n:XFkhMZtwmHtDRHTc9lwP1z1tJKMtX9n

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3284	msedge.exe
3284	msedge.exe
3548	msedge.exe
3548	msedge.exe
4232	identity_helper.exe
4232	identity_helper.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3548 wrote to memory of 4024	3548	msedge.exe	82
PID 3548 wrote to memory of 4024	3548	msedge.exe	82
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3348	3548	msedge.exe	83
PID 3548 wrote to memory of 3284	3548	msedge.exe	84
PID 3548 wrote to memory of 3284	3548	msedge.exe	84
PID 3548 wrote to memory of 3596	3548	msedge.exe	85
PID 3548 wrote to memory of 3596	3548	msedge.exe	85
PID 3548 wrote to memory of 3596	3548	msedge.exe	85
PID 3548 wrote to memory of 3596	3548	msedge.exe	85
PID 3548 wrote to memory of 3596	3548	msedge.exe	85
PID 3548 wrote to memory of 3596	3548	msedge.exe	85
PID 3548 wrote to memory of 3596	3548	msedge.exe	85
PID 3548 wrote to memory of 3596	3548	msedge.exe	85
PID 3548 wrote to memory of 3596	3548	msedge.exe	85
PID 3548 wrote to memory of 3596	3548	msedge.exe	85
PID 3548 wrote to memory of 3596	3548	msedge.exe	85
PID 3548 wrote to memory of 3596	3548	msedge.exe	85
PID 3548 wrote to memory of 3596	3548	msedge.exe	85
PID 3548 wrote to memory of 3596	3548	msedge.exe	85
PID 3548 wrote to memory of 3596	3548	msedge.exe	85
PID 3548 wrote to memory of 3596	3548	msedge.exe	85
PID 3548 wrote to memory of 3596	3548	msedge.exe	85
PID 3548 wrote to memory of 3596	3548	msedge.exe	85
PID 3548 wrote to memory of 3596	3548	msedge.exe	85
PID 3548 wrote to memory of 3596	3548	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3d0eacbd6db0f4f5202484e652eafb1f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc4c46f8,0x7ff9cc4c4708,0x7ff9cc4c4718
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15160637390887784045,12791055044399269915,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,15160637390887784045,12791055044399269915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,15160637390887784045,12791055044399269915,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15160637390887784045,12791055044399269915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15160637390887784045,12791055044399269915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15160637390887784045,12791055044399269915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15160637390887784045,12791055044399269915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15160637390887784045,12791055044399269915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15160637390887784045,12791055044399269915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15160637390887784045,12791055044399269915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15160637390887784045,12791055044399269915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15160637390887784045,12791055044399269915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15160637390887784045,12791055044399269915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15160637390887784045,12791055044399269915,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5624 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
64KB

MD5
63e5a0b45632b3dde3694ffcaf0e3f7a

SHA1
923736d0cdc308331d5cfaa0ea159bfedc83d53f

SHA256
889109910477919b3457416e7764bcd0add19fd959848253026125c7c35c43db

SHA512
5b886c4b5122d61f0209ede748aa84445c9388cf38813316c41b3dbd2308216e88394d9a45cfc27113c0cf3bc93b9c37d808f6d3c67888244c176ee095d42259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
041da40ab05706a3cb505461136f7110

SHA1
176154229db0c42e876232b2fce9babd64e6ef0b

SHA256
33af9ca726d5771bb8f25fcab2f753bf7730fed3342d37c16f947978f70b8da9

SHA512
7289977911cf9f5f02bcae95863deadac1b4e2af02f3424c1e5b176c88c94d6d8e8d8de6121a8c9b6dbedb43a50f8d1e1df7d3c1d4ba52f24bf280f892f6d4c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
6a44b807e70cabe2e150f7cae369f621

SHA1
021cd4d20a2dd63562d96650aa9950e33b44bd94

SHA256
9ad0abd7f2a498d4d21c1f059cc4d69cb0eaa31d0bab6ff5b1be926902a70bfb

SHA512
4c24810870851b1fa0ba73632f02fc5e111992cc0f2e6e4db08e5ea1d8bea319ad60c0034a811c5ff5d99206f9838cefb0f236bb6fe40ca5036e539f471800e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c2687f330c810f5b7cdc30c906795ca5

SHA1
3e32537d76c4f9d8938fe3077e1e3d25ebc2ea88

SHA256
3e6800fff9fb6882cf36d66a0846cfbb9ba146c61675c52d612198e207422f0c

SHA512
cee2c8e2b088b3600be36c1f4040c9f94acd32a5ec87d69a3cab3e0d0654980bbe1dc707b11ad36320e527acc5ec80cca793b004d7bf6b3b257ad26c0bb6a2d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f5c075badbe76846b6f355911a51ed7

SHA1
858701fb55785930a4f2c8a514a0e30cb1e06fd9

SHA256
bdcb6895bf77722c9d4f3e92b18a47ea3b6056372e8e80ae5e4bac6f540eacac

SHA512
e027c00a28815c349b5d783b2a1e9ca10b3195754aad17ddf6cd9049bae201d8a41d60bb2d12f41268e6e7e1edfddcdf3f8db42fb96758bb0455d657f7972529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5b81eef8c3057ac3ddb17b4631ddf7d5

SHA1
fa0ec6da528c8abcd26f7b4db959d4c820ce9a28

SHA256
2f898656ade44585b216a74499b11755c922e19fca0505e21324cdc20803047c

SHA512
3112e57efea6970f42ccf2274ae6b9ec6cfcaeeacda244f22a7112b528c30eb6fe59e170722894126ea6168d1a04014f442314cae0fb782e782fd6bc2b3bb832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
64349bb130a2dda60f9361efc288d69d

SHA1
11dc7da26cdce94446d80c7ae41aab74686e4a43

SHA256
a770b6f130ef6f4166ea23590f0e9600bff7b1168278abe7765a7987e6cbe3f4

SHA512
45bf1e114776989e2274bdee6868077950619b2af19e259a5374f4dfbb31c030c442f57820258bdca9c4ff047be0c2374a34ecb475716577fc709cfd23fe8517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6a6642faec466e0cb2842903ddf402b8

SHA1
d2340f50ac8439d3b6c1522d94b6e582aef3126f

SHA256
5440280e4dbe032cdb28edc903a23d2ddd794f367048685325e23061adf8efc9

SHA512
81140c629dc49fe5e76071be7d41bd326512b4b109c27e4bc12b2f9a9a8e4632c8c212c4af772f9b566f41fef291f6ec552b0f4841b64b0d0ff5b0a63a4f6fce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6313ea8c5ea7445aed0f74980434eb92

SHA1
cd6156b5d1fb891bdbad95f5baad7f1c81630241

SHA256
890ba66f6eb6cab0e86a38727cab0d5c9d5573408eb5945daf19b333e3faee75

SHA512
f69789a9732d4011c4d0e440cc68f245e03bbcbbe788eb0eef84767175b25f2e03369359e963aa42257f15a2139f8d07dcda47ecd225e0e32168f9db6be74832

Download Submit