005511d91ae95b3260bd10d06061bd87e27110b2b1db404528e31e3b61260fbd

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 13:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6757246f2a07db216efacabe9beccafb_JaffaCakes118.html
Size

149KB
MD5

6757246f2a07db216efacabe9beccafb
SHA1

229d31d6cd19ae5a87f4847d117ae2fe5bd7591d
SHA256

005511d91ae95b3260bd10d06061bd87e27110b2b1db404528e31e3b61260fbd
SHA512

a2b400eb7b1aa65e6aaea6129e297846497e2452fb6e5f565ae92516a89c0edbf4d51fd63114665ca7782376e11b669ad871cb5a01db11f2e544579d966c1105
SSDEEP

3072:+HRcVhIVs2LQe2U0Dzvj40MZEPjLpUxAfYxslxNcl8CLcXmNRSxrf1OHLEpRkR8w:2c7J/jXmNR6RkR8w

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3188	msedge.exe
3188	msedge.exe
764	msedge.exe
764	msedge.exe
4584	identity_helper.exe
4584	identity_helper.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 3736	764	msedge.exe	82
PID 764 wrote to memory of 3736	764	msedge.exe	82
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 4596	764	msedge.exe	83
PID 764 wrote to memory of 3188	764	msedge.exe	84
PID 764 wrote to memory of 3188	764	msedge.exe	84
PID 764 wrote to memory of 2212	764	msedge.exe	85
PID 764 wrote to memory of 2212	764	msedge.exe	85
PID 764 wrote to memory of 2212	764	msedge.exe	85
PID 764 wrote to memory of 2212	764	msedge.exe	85
PID 764 wrote to memory of 2212	764	msedge.exe	85
PID 764 wrote to memory of 2212	764	msedge.exe	85
PID 764 wrote to memory of 2212	764	msedge.exe	85
PID 764 wrote to memory of 2212	764	msedge.exe	85
PID 764 wrote to memory of 2212	764	msedge.exe	85
PID 764 wrote to memory of 2212	764	msedge.exe	85
PID 764 wrote to memory of 2212	764	msedge.exe	85
PID 764 wrote to memory of 2212	764	msedge.exe	85
PID 764 wrote to memory of 2212	764	msedge.exe	85
PID 764 wrote to memory of 2212	764	msedge.exe	85
PID 764 wrote to memory of 2212	764	msedge.exe	85
PID 764 wrote to memory of 2212	764	msedge.exe	85
PID 764 wrote to memory of 2212	764	msedge.exe	85
PID 764 wrote to memory of 2212	764	msedge.exe	85
PID 764 wrote to memory of 2212	764	msedge.exe	85
PID 764 wrote to memory of 2212	764	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6757246f2a07db216efacabe9beccafb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd711f46f8,0x7ffd711f4708,0x7ffd711f4718
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16851602135522215150,15394266060767501888,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,16851602135522215150,15394266060767501888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,16851602135522215150,15394266060767501888,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16851602135522215150,15394266060767501888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16851602135522215150,15394266060767501888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16851602135522215150,15394266060767501888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16851602135522215150,15394266060767501888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16851602135522215150,15394266060767501888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16851602135522215150,15394266060767501888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16851602135522215150,15394266060767501888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16851602135522215150,15394266060767501888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16851602135522215150,15394266060767501888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16851602135522215150,15394266060767501888,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16851602135522215150,15394266060767501888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16851602135522215150,15394266060767501888,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16851602135522215150,15394266060767501888,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
1f5de2136993a14c3977aae95849d12e

SHA1
011bb0c4a11525b241ce70fd5aa1761c3fdaf3b2

SHA256
762578e46589d69dd569971222e6b8e0d346aa426aea303d9efa1b09edfe61f0

SHA512
0286da9d5db3dcc06ba29a711d57b1b754787964f8538215f4b712ecb996fb63c6d2f4d55febaf66cf84ab4c8e3fcd3bb998fdf20f3f5cc7307cc50f418fdd35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
78ddcf54ec01705990c5c22a76957296

SHA1
2e29fa139b04887ec92b2935d70c1c0b4e4a0d32

SHA256
fe6432cc421ee9a58f098a65cb41064adf6334ff7308b53648bcb0ec41b2475d

SHA512
465f6823120b3d79b8e5d364f9a02bcbbd5594231124104ad2368eeda71e63c536334161c4705d0b63e0efe3acddf0692d22f22754fb617b11113d57e9880830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e6319d7cbe4e9e5ef1ea910f682593d2

SHA1
2cfcf48a2659a37705cff52fa7ec11e3ef4cee1d

SHA256
9d6f21fb69e47dc339f0959fbbaa07e3b8fba8f0d928e18272736ad21f520432

SHA512
e4c9d5c5275a30a3944f23bb93563879d1bd0d52b51310e436471fc161f98e1b69a704777f4291017367bfa769fcb2d8a591a8b8188ca562d0f9e01846a369bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a5b733a16014c8698f20f4a5c048651b

SHA1
28699c30654ef0b2a0ad524efd20da300be1bdac

SHA256
28cc12efad99d0586a78f68b0336978be8894f9df2aa889a06028d75161d48cf

SHA512
3817c6c6c3485368b203524e6dd75bd7d628fddffebe1125b0c9da7dbe3c20831fa03b25957abd2cae853cf90888b2eb306e2a4018c2c5ebd0c1fa7c8c3070f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
87cad097e26c8157df90f078b37b549b

SHA1
e209bd9642031e7408ef4be9b1284040166797a0

SHA256
0eb573e3e2f3765fa1caa2aef6dcd97d7357d232871fd3576988b068ed6e8800

SHA512
2ea250393aaaf3a5803d52855c485b1202bb5570887a3fb3c186880dcd31f10afc110f070659249f96e60a3cfa5661b7ac1857185498c727e66ccd91882b5d4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
68c9245bfb9e59d13d28be8bc1fe1f68

SHA1
a3628502c4b5f490f90ba60a214511937babdf89

SHA256
8d94cf8819fc54355f8eb09d63b5ecede088d559477b4cadd239afff8ba138ef

SHA512
06ffd7ba831998463bf036967a8982299885f766d2997e6f7e3561d5fb936a05b6793a3618ea83c820e562825a5281b91f401f199b79991b3f825670f82fd238

Download Submit