657e858ddb147ae83162f187e1428f5c94c80074c0a73e19bf1dadf10c692b24

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 16:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63f84e1f95f6348c8675186775abde66_JaffaCakes118.html
Size

175KB
MD5

63f84e1f95f6348c8675186775abde66
SHA1

7c1a2143e62bdaf41b865914ca86c16e3878457f
SHA256

657e858ddb147ae83162f187e1428f5c94c80074c0a73e19bf1dadf10c692b24
SHA512

dc7c9f35779dcf2b8e207f50f7f31debb9dad6562296911c13242695ed0223992603673d706f377bbd608c17a32bf0548aa6e7561ab7a1a13d3255ad088178a4
SSDEEP

1536:Sqtz8hd8Wu8pI8Cd8hd8dQg0H//3oS3rGNkFuYfBCJisd+aeTH+WK/Lf1/hmnVSV:SOoT3r/FHBCJiNm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2004	msedge.exe
2004	msedge.exe
3728	msedge.exe
3728	msedge.exe
1256	identity_helper.exe
1256	identity_helper.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3728 wrote to memory of 3272	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3272	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 3640	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 2004	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 2004	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 4968	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 4968	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 4968	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 4968	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 4968	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 4968	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 4968	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 4968	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 4968	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 4968	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 4968	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 4968	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 4968	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 4968	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 4968	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 4968	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 4968	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 4968	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 4968	3728	msedge.exe	msedge.exe
PID 3728 wrote to memory of 4968	3728	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\63f84e1f95f6348c8675186775abde66_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcda8746f8,0x7ffcda874708,0x7ffcda874718
2⤵
PID:3272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2304 /prefetch:2
2⤵
PID:3640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
2⤵
PID:4968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
2⤵
PID:4584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
2⤵
PID:2248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
2⤵
PID:624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
2⤵
PID:556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
2⤵
PID:428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
2⤵
PID:3200

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 /prefetch:8
2⤵
PID:516

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
2⤵
PID:4248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
2⤵
PID:2656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
2⤵
PID:232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
2⤵
PID:2692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2928

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
360B

MD5
b5dd603b0483fc9d69e834562993d216

SHA1
5c25d954a258205ae46fd441bed75ab8cd74061d

SHA256
6179d3327c4e94dec413bf9580dccd46ec6d5c7764da9fc6d965784120d86af6

SHA512
7ed361c3e0688bbba2c4a781d46cb60623a1fde88c16e66397fd69f00940dba23cb6035df3675e281cd1fa9cfe2492935292a86beb9fb9cbc4722e74c08c9c95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
bfd581afa6177a5008ca41a769f95ee1

SHA1
7b963ed831adf9696a3b56c5fdf2060ca7dd13ca

SHA256
439142ba6d40553373b8c33fd2dea09d4e9d4708bf478bcf5fb8c9cbd56eb73a

SHA512
ceb846cbffe66388e06449ca58ed50dcb571d45f8d8b062e3d4d7703dbb87fc3d67bdf42a973704f00c8aad1910381e822f7ccfe0ce6bf20883aa008b7263b49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
769639269c2422bf8536176c87fca1ed

SHA1
1cdb88c2d2b572dee936ef13582f3514da20395f

SHA256
fd3f86422eae7eb30431fedca2e7fb0b8d6c55572669d003aa681415f42d103b

SHA512
44ce3e15ac00ceb68c229602f4bd712e7bfcfb5a4af23e0517a0ab6088685dd2884701e3a40ee42485fc8f0bd3757dc3cec15c98e973caad6aff09e0a3c95a79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
a932f55b46a589e49e95c8454e447862

SHA1
98eb10bdd6fa1d3041519b96022d3e272d6a636e

SHA256
e4d5e19039fe7b8aee2825c3876e522813ec19a17b9b100e01b1378ecfb211f8

SHA512
aec32840499030282a0db8ccff827284f3a3bfb31bd10b13452fe720f6c745f0ad1520a2fed9aced7d970f068e9c3193c6f98746e35c20f99366c240562f8016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
7faaf81177d68ef6b00c6b1544eac449

SHA1
7fc50507503e6cef2065dc4d8a3733df17b2639f

SHA256
076250e75a3c75f2fcf3eef34a599c6da912540583ab594832b16797a99d05fd

SHA512
fa59918c688c7719949eb6bcb683146639607354ea448ca780520d15df6ce669bbda6482709c8f27a1c5713482fa7a7426280f199971b126cab8476d181360a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
0e6c795bfcfbb59a7bca53d3786bc699

SHA1
62445754d6b3d4dd493fbfeb6d14152d1ac5c5a3

SHA256
ac557b632a187d2048779931d3a326aac6236a0de773e750ebeefe8932a39187

SHA512
0edb685b573e7140e56e405d87ace704e21020309e436748b5a38042cabe3a03bf3c887290171485ba801fb2a872c561c53d774ac40a9d5d23142a72da55483d

Download Submit