df05d6399a145529252fdc16be3e25592173b7d7d20453c39ba0ebdf1203855d

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6856e3895af370e3eb518d56bb167b50_JaffaCakes118.html
Size

39KB
MD5

6856e3895af370e3eb518d56bb167b50
SHA1

05db0339f9e66fbead9233f1de09fde813f18445
SHA256

df05d6399a145529252fdc16be3e25592173b7d7d20453c39ba0ebdf1203855d
SHA512

0072fa6208a70df5991f3b2757af20ee8bc57db3345a201bf32ece7d09cb492008124970b2987a6802608d860d8fec494d742c815bc4080ca970e7035b2c35b6
SSDEEP

768:w4wq2WuJuefqfSdzdn6dkUf6yYh1aVq/HpLJzgSjgHFr4DEMkqcktTtzOD+/Qcb:1f2WqSL6yYhpGFktckJtz7B

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
412	msedge.exe
412	msedge.exe
3464	msedge.exe
3464	msedge.exe
3348	identity_helper.exe
3348	identity_helper.exe
5820	msedge.exe
5820	msedge.exe
5820	msedge.exe
5820	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3464 wrote to memory of 4632	3464	msedge.exe	82
PID 3464 wrote to memory of 4632	3464	msedge.exe	82
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 4608	3464	msedge.exe	83
PID 3464 wrote to memory of 412	3464	msedge.exe	84
PID 3464 wrote to memory of 412	3464	msedge.exe	84
PID 3464 wrote to memory of 4936	3464	msedge.exe	85
PID 3464 wrote to memory of 4936	3464	msedge.exe	85
PID 3464 wrote to memory of 4936	3464	msedge.exe	85
PID 3464 wrote to memory of 4936	3464	msedge.exe	85
PID 3464 wrote to memory of 4936	3464	msedge.exe	85
PID 3464 wrote to memory of 4936	3464	msedge.exe	85
PID 3464 wrote to memory of 4936	3464	msedge.exe	85
PID 3464 wrote to memory of 4936	3464	msedge.exe	85
PID 3464 wrote to memory of 4936	3464	msedge.exe	85
PID 3464 wrote to memory of 4936	3464	msedge.exe	85
PID 3464 wrote to memory of 4936	3464	msedge.exe	85
PID 3464 wrote to memory of 4936	3464	msedge.exe	85
PID 3464 wrote to memory of 4936	3464	msedge.exe	85
PID 3464 wrote to memory of 4936	3464	msedge.exe	85
PID 3464 wrote to memory of 4936	3464	msedge.exe	85
PID 3464 wrote to memory of 4936	3464	msedge.exe	85
PID 3464 wrote to memory of 4936	3464	msedge.exe	85
PID 3464 wrote to memory of 4936	3464	msedge.exe	85
PID 3464 wrote to memory of 4936	3464	msedge.exe	85
PID 3464 wrote to memory of 4936	3464	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6856e3895af370e3eb518d56bb167b50_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedb2d46f8,0x7ffedb2d4708,0x7ffedb2d4718
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,8399330466708586690,2115607111130858419,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2336 /prefetch:2
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,8399330466708586690,2115607111130858419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,8399330466708586690,2115607111130858419,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,8399330466708586690,2115607111130858419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,8399330466708586690,2115607111130858419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,8399330466708586690,2115607111130858419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,8399330466708586690,2115607111130858419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,8399330466708586690,2115607111130858419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,8399330466708586690,2115607111130858419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6432 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,8399330466708586690,2115607111130858419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,8399330466708586690,2115607111130858419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,8399330466708586690,2115607111130858419,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,8399330466708586690,2115607111130858419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,8399330466708586690,2115607111130858419,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,8399330466708586690,2115607111130858419,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
20KB

MD5
397383c90a2d930f866f405747e27466

SHA1
7bb6b5d6cee104c877dc5c3462f61232ffe5b360

SHA256
a67db01d19e15d8fa76e5a075e336e195325d79d277a83aadb6a440acf887c47

SHA512
4357eddc0581e3cd6209646540bf59756cb4035d7dba47d5cb6b0050e6c202bda65721d4e9d644f37e3cd105bc5fa240574cfa96649f01e2769b796b523e08aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
985cb9ff80ec260a54bdbade6d5c71e5

SHA1
8905f7394fc6b4c8e67f9adbddb2845f912ad917

SHA256
9964c9642a435e28abbc9e2fac9ac823f7964ddd776d52a411480f83a6edeb0b

SHA512
8116adc2cbd6547c33a31a853d8aea3daf494127631fa94ee1e748ed695cf98c11690f82d051482ca77d7f77a72d62593857021271b1333bdb2aaa3b591800b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
15e855bcdf01cb650bc4e27a98a707cc

SHA1
47c7cdbd741454c54b1c7213a03fd9b246483813

SHA256
a41b93b1ab8d55ea3c7745def704c4c473e01ee2e1d34bfa4e86b19f05df3293

SHA512
2a7535dc98bb3ebe16d3989e94d07a8bbc4ca508a0e9d6ca7dc916b9a80af3cc4562195d3af0c9179875f73fe2789e1cd32b48050d9b5fc96517844e5094bda8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d804f5e930eb64159606312b66565489

SHA1
ed3b658ea9f99f6b2ac6a547230406b64ebde1ef

SHA256
8a575d29088836e0eaba93b1a665226cce5b7542029241cb70fa7f30c3b92d33

SHA512
68250de1b2a0e2b8fbb94ff52968c3d898c5255cb2199d9ef99666ecee6a7bc17e0fdba0e759d0b3c8b6824299fbe4fdc248f87dc8318bb7f719114b4d213340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4002f1e7cfc998f569c300aff02032ce

SHA1
fab9a6e3fe8dc4dc118462038dc56daf48efe979

SHA256
db140d91366e06318c3b414bf06780733c8cb146bb869118d49c389f886792b4

SHA512
8947c3001aa20a3e11296c5d90a45bd6408f2a2018362dafc15ad3dde3618eb97494103fd7aab8998e59d2f0a40ce95a7e2a0e1cdd4559de866ca4916106cf62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
11373b8b801d1fabb3c0322f1584eb6b

SHA1
a6ba06ec0b001c018084e80f00db96d6606c92fb

SHA256
68a726e8666536d95a1a11e2f7db703441b0c9b571f55049f50c74baf32c98f8

SHA512
b152498172ed02633f7bf04031ea0d5176e6b4240d3aa938c49e796e56ee620c8ff4728a938f9bd9e2fed7653fec0247874744dd299fda5bc19d7ea4efab177c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d08dabcf552f9e8c6199b0910f143ad6

SHA1
f945be4b4ffba3d79aef2ff11e7c1c7edd4bc49f

SHA256
76bf0ae544417c98015c892a3022544f0e8ab15101ffb43ec45a81816c03b908

SHA512
a5c4c18e6f964de9accbd2bc1c2be524589666979aaa1a68b7254da226342beb4b6fc9247a4c7127a963d520fd60cec4044b741fc5653ea4bff5b71d1f7a0199

Download Submit