bc84b046c233b4e5cddea084d90379289ec6ef6ff9a68b56cd7c412844fb462a

Analysis

max time kernel
135s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 15:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67cb1a4b316c884a71d0f6748f335e16_JaffaCakes118.html
Size

37KB
MD5

67cb1a4b316c884a71d0f6748f335e16
SHA1

723ca5a2f48c7ec10d7dcc1ab2c7337f205f79ac
SHA256

bc84b046c233b4e5cddea084d90379289ec6ef6ff9a68b56cd7c412844fb462a
SHA512

3491f8609ad7b1bb03ef2211a54ae9bdfd46b3fb4cd1a3ec20db177f99cfc200d525959f578ed9f84f7b66ee8ad8f11455b2f835cd70c67db22124a751627391
SSDEEP

768:jF3bM1bwpmb2vb3uv6b/29bdK9ujFmoGev01JF4JSYAX2V+YIP:jF3qMpmSTuv6b0xK9ujFmf1ZZGgLP

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2852	msedge.exe
2852	msedge.exe
1168	msedge.exe
1168	msedge.exe
3768	identity_helper.exe
3768	identity_helper.exe
5216	msedge.exe
5216	msedge.exe
5216	msedge.exe
5216	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1168 wrote to memory of 4180	1168	msedge.exe	82
PID 1168 wrote to memory of 4180	1168	msedge.exe	82
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 1920	1168	msedge.exe	83
PID 1168 wrote to memory of 2852	1168	msedge.exe	84
PID 1168 wrote to memory of 2852	1168	msedge.exe	84
PID 1168 wrote to memory of 4924	1168	msedge.exe	85
PID 1168 wrote to memory of 4924	1168	msedge.exe	85
PID 1168 wrote to memory of 4924	1168	msedge.exe	85
PID 1168 wrote to memory of 4924	1168	msedge.exe	85
PID 1168 wrote to memory of 4924	1168	msedge.exe	85
PID 1168 wrote to memory of 4924	1168	msedge.exe	85
PID 1168 wrote to memory of 4924	1168	msedge.exe	85
PID 1168 wrote to memory of 4924	1168	msedge.exe	85
PID 1168 wrote to memory of 4924	1168	msedge.exe	85
PID 1168 wrote to memory of 4924	1168	msedge.exe	85
PID 1168 wrote to memory of 4924	1168	msedge.exe	85
PID 1168 wrote to memory of 4924	1168	msedge.exe	85
PID 1168 wrote to memory of 4924	1168	msedge.exe	85
PID 1168 wrote to memory of 4924	1168	msedge.exe	85
PID 1168 wrote to memory of 4924	1168	msedge.exe	85
PID 1168 wrote to memory of 4924	1168	msedge.exe	85
PID 1168 wrote to memory of 4924	1168	msedge.exe	85
PID 1168 wrote to memory of 4924	1168	msedge.exe	85
PID 1168 wrote to memory of 4924	1168	msedge.exe	85
PID 1168 wrote to memory of 4924	1168	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\67cb1a4b316c884a71d0f6748f335e16_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3fa246f8,0x7ffd3fa24708,0x7ffd3fa24718
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,472714729494951394,2220729448182317404,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,472714729494951394,2220729448182317404,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,472714729494951394,2220729448182317404,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,472714729494951394,2220729448182317404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,472714729494951394,2220729448182317404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,472714729494951394,2220729448182317404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,472714729494951394,2220729448182317404,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,472714729494951394,2220729448182317404,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,472714729494951394,2220729448182317404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,472714729494951394,2220729448182317404,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,472714729494951394,2220729448182317404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,472714729494951394,2220729448182317404,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,472714729494951394,2220729448182317404,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
2cee436ddf4487c3b8eaf09533b8cc56

SHA1
bb67ea2ac938ac62b316523491d65ace2107c773

SHA256
5e6cbe21257532175116a8a5766d96a58cd441330f96ddff983b0de3f3969d44

SHA512
3925660f3fb7a1c51ebc7f03711449a63a2c47083dd51894742aacbabe5bf6e7d3967ae827b82e9990c18515d09d122e990e4ec4010d8fb6a58740b46f4abb87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
eb91f2d8536381cce2febff0161ac4c0

SHA1
f6e77c41d85d4facf22f333e1b85ba6d87d5b01f

SHA256
3337b0f27df9d34c5aa5f957647949f0c73122a2697fa1d741184b7275cb670a

SHA512
903f31d7700a81bf4167d555a8482148dd9d273314ac07e3dbbcf25717d52d6ca244df67831d6abad535bf7cb8fcdc1e4608e2b04fdd90ebc4f2c7fa56dc4ce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
986B

MD5
8574ce63237e08747693baec50802860

SHA1
4ecdfdce6ac8c70021ef0e2c492f129902187d95

SHA256
8138883e175262dd6155ef28c10af2012b6d228082c3b410862c467a0bf7717e

SHA512
5435169fe98a92f1d81da3e1c4ba11d61b6d89f99681ed36815f13a33b1c51a2a657b9920a785c64e0f6d22f81e0005cb5d42f6bed8e434aab698fbc9751b9ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
986B

MD5
8e60b11333206c4b4944fe7a6dc0eb79

SHA1
edfed8017d83b48f3e75249df7660d06584ba677

SHA256
9da8988771ef75df200a5393a64d084a20c5c1fe356fc59352c712e1dafd99f8

SHA512
999db21519b55b34127dda61da3066333d152cef5b3058a218f6c15076416ed50db26b5ce187f64acd15b32de1d82f19b45be3e132070b311a292f9badeabf6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
688f2640450946bf3ea57097b01830cd

SHA1
3f5ec21d87a9766b2aa89e081e108a992a32850e

SHA256
e27e10c846cff680562408b655f1b340303bd6a535647bb5615597e6adcdd6b0

SHA512
a25e924e1a15198ac8a41de3cd180cbfaf1499b53f3c25d192ca6c97d11f07160aff498e1ff41ecb8aea80bb0ae0b87e7e7dd98cae5a305a4bb6cfe25d1d8783

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e5b0e3ccb6dda073ad37d38b5e85e624

SHA1
aa363ecd03c65ed381dfc65176f71780b4cc36ad

SHA256
eb29930ebb8c69070eda0b13fd089c6aa567b7ed123d5b85b3c372e18fc42c7f

SHA512
366275722a7b69789ca071725b3d01aca4e966156d4649bb897f607770edf1e05a2efb779d42e868cb97fc2395ab7adcbfc20fa00786f5f4cfe19137404cab5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a2758c53bfa4f1a41df552ee2e23194d

SHA1
a49a8e7411e3f3af31a95b6a44fb20d178ff7718

SHA256
60bbd3375d6bb0a5943c7b74bdd0d85045817e9de554e15dcfc70bc173f2435a

SHA512
85c6af89b34c8a1506a920406677d7ec6ebe57c9ad0d39d074da3e76a432df3b17ae20f069d394c6b6d88ea10e9eced5c9c8be8100bb00e6e090099d638a47b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bd4207aa4f617bb564e649d2ec5aeeb1

SHA1
6e2baf62a8bf4daa2a9ac0eefdaef346312452b2

SHA256
566d7ed299aba77f3d5bab2991074f2a6166a77dbe3d5f190cb546d5057df26c

SHA512
28c7c053a4b7b49d4f316db12e2e431e0593180d498329a7febead6f9827d11ca6b726bfeef5a4cf186c9f86d184112164d6180b72199794558b35cddbaf39c2

Download Submit