7139142a5aed3714f5b7b3c4a7950d5e401ca619ea1ef257b5441be8e02756b6

Analysis

max time kernel
149s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 07:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7858f03ce909cfe521025b0be944baca_JaffaCakes118.html
Size

45KB
MD5

7858f03ce909cfe521025b0be944baca
SHA1

1d6fb59fc08f2f82ee39e1799f618593d05a9ceb
SHA256

7139142a5aed3714f5b7b3c4a7950d5e401ca619ea1ef257b5441be8e02756b6
SHA512

0a89014dd7920d872d88636c6858ce67696ed4464d447e5c33be53650028f54288c51c2d0608829219b37714e695ddd9826ef346f9ef5d303b3b6a690345d69d
SSDEEP

768:gBbRDyHHFPkzoxktv/OWfOvFS5OR60j7UeOpD+l3:gBsHHCzmktXOwOKON7UeOy

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
3468	msedge.exe
3468	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1508	identity_helper.exe
1508	identity_helper.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 1732	1692	msedge.exe	83
PID 1692 wrote to memory of 1732	1692	msedge.exe	83
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 2972	1692	msedge.exe	84
PID 1692 wrote to memory of 3468	1692	msedge.exe	85
PID 1692 wrote to memory of 3468	1692	msedge.exe	85
PID 1692 wrote to memory of 656	1692	msedge.exe	86
PID 1692 wrote to memory of 656	1692	msedge.exe	86
PID 1692 wrote to memory of 656	1692	msedge.exe	86
PID 1692 wrote to memory of 656	1692	msedge.exe	86
PID 1692 wrote to memory of 656	1692	msedge.exe	86
PID 1692 wrote to memory of 656	1692	msedge.exe	86
PID 1692 wrote to memory of 656	1692	msedge.exe	86
PID 1692 wrote to memory of 656	1692	msedge.exe	86
PID 1692 wrote to memory of 656	1692	msedge.exe	86
PID 1692 wrote to memory of 656	1692	msedge.exe	86
PID 1692 wrote to memory of 656	1692	msedge.exe	86
PID 1692 wrote to memory of 656	1692	msedge.exe	86
PID 1692 wrote to memory of 656	1692	msedge.exe	86
PID 1692 wrote to memory of 656	1692	msedge.exe	86
PID 1692 wrote to memory of 656	1692	msedge.exe	86
PID 1692 wrote to memory of 656	1692	msedge.exe	86
PID 1692 wrote to memory of 656	1692	msedge.exe	86
PID 1692 wrote to memory of 656	1692	msedge.exe	86
PID 1692 wrote to memory of 656	1692	msedge.exe	86
PID 1692 wrote to memory of 656	1692	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7858f03ce909cfe521025b0be944baca_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3ad546f8,0x7ffa3ad54708,0x7ffa3ad54718
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,935748558649943046,4449225146660165964,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,935748558649943046,4449225146660165964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,935748558649943046,4449225146660165964,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,935748558649943046,4449225146660165964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,935748558649943046,4449225146660165964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,935748558649943046,4449225146660165964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,935748558649943046,4449225146660165964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2396 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,935748558649943046,4449225146660165964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,935748558649943046,4449225146660165964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,935748558649943046,4449225146660165964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,935748558649943046,4449225146660165964,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,935748558649943046,4449225146660165964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,935748558649943046,4449225146660165964,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,935748558649943046,4449225146660165964,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5220 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\64140814-560e-4a5f-a7b1-33bc046a1972.tmp

Filesize
1KB

MD5
8201f8a593a0af4e49cab87e9ffbf656

SHA1
fee293f58af6cd033af341fd55859fa5965717ed

SHA256
18b0e92833e4402c8ab92e32098993c13a912d949d4a139759247cc3796da45a

SHA512
19ba04d46832411480e963156be399cd68c4c3d5631d62ea1e6d06b8187da0730d81f5d1a629fb3b3d2f91ac29dcab7902c4339ef1ab2d0a530a2664c0fcbf36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
41a0d81cbdbd3790fc2e6739b91ea59e

SHA1
266c5d098b9ec6c25f6418b8fad97ca7208c5340

SHA256
52aef6cd066bc3fce9433ebdb5eee86fdd091400bbec0b085965a9ea372e90ce

SHA512
e7f444ca0c6e6a0599eda7e58b05be7a67a881ce9bffdc620ed0e101b0909466b31fcf3d16766524afd1c50606e78562cbacad92da29cfb1df7fa9d49cbcc9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
aba13c197b1faff310717e98c3474cdc

SHA1
07dfa76fa30f76230481459ba7bc4832ab02b2da

SHA256
2b4bba623334fbee97c4ea1c1d1f2dfa03fb526a6646fc151d5072e4bfc8a3ba

SHA512
6a336b8b712523901892ad5a41b7ebda992d468a344759c3337f04686c6070ee2d61aa0df0f41d6affa630072c7cb998b8b3e1734fd81b8e283e692a86bcc6d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e4e031887fca1534b35f4baf426a4c44

SHA1
0124096397ed0dd888c91d23990f0809d10e70cc

SHA256
c57329f566d09b9d933d84342c44542917e19a655941779478a83621a558794f

SHA512
b42980e8e4f374b3a3ca3922b7223e27a7d69a4a975a37cbff43bcbcc413db3bdadb3340118a3a4a267544e8ec7ad03e39c4a2e426d48579d0bba7dd66aabf87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2c4b47e21df037122ac99e9327cb29e5

SHA1
dc513e81898eed3b223516b5b1da9980c64666a7

SHA256
9ff63fce4510566b9cc51ca61eade11ceaa38ebbd32af22bb8f6ee6635b58d82

SHA512
687793575283e65b871cac21506477f9063ead2ec30abfa7e6c6cb18bbd07fade0c7ee7cb9a5d060bf809856fc94240ee9c1302e80a35cc25cb82bfcef8242fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cc92153fec3adf976586fd38e2385466

SHA1
b0be36e22861485a16734596a0c3f7fdd58ab599

SHA256
aa03cab3ceab7c95f91549fd8f13061a03ade21d5f66e7d697ed0fa6d890bfed

SHA512
38ee4b349ad6d51185ff411fd715fdb7b2802b1b82a5bde326a59d7a98414a10f18eb67da6b9eb6a4a1fdfe7a7be327061ddd174e1595586f95e274751099b4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d5e21cf7f517fdd1702ed8f9c9f28d22

SHA1
a4b75d523eae783879840dc6134c9366e05fa4e4

SHA256
51a04ce6123ee8bf4647c51f8035c72d4d19c700b31104d4d89c139a9d2b5eef

SHA512
e64e92ef67c00696c98b23f1122ed7dadeb2ea4ff659d9c33e1aed43f544787cd3fd5ac1f92f5dba793771f24fb9954701172e5c3765680b097f6269a8fadcc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1e6d135d034f1739a5a5d7366c834b18

SHA1
4527c2a36303f69a357d2bb4c8e17f5c0ab63865

SHA256
08cb78cab05fa4a59bd003d93496d913d807da1c68a56248e21d26170ae8d212

SHA512
c56ecfbb4178accd2a138f8f395b6668c9ed15258533fc5551dbef0d9961ed1eff26b2939e559a45bab28e6062a3e4125ebfe9ecb84c03bc5889b7268abe0201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b4c4a3aadde7d55c362183a8fb5a85bf

SHA1
1e7e3c8ca5dcc0d2c43865b6e0ce8a9e0a412d4e

SHA256
285e44461cbe05a28ce5371f30122d7560d28b3e14eae4572ed97e0907023df0

SHA512
7679411d46ba68febc6af17562870011602355a7044773c1d3e1b36f3c3f39a2a1199479c4a3213a79ead9fe65295a8bf4cba429d448da0bc038d1b5c881a741

Download Submit