c5dad8cde5d4b31f507caff34dbc559adf9bbaf849392e0e7ae27b368a4f7776

Analysis

max time kernel
150s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-06-2024 11:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a921265d918a6c7dba0be7b6b3cb54a_JaffaCakes118.html
Size

64KB
MD5

9a921265d918a6c7dba0be7b6b3cb54a
SHA1

129a6a94588837dede902d2149ba301137c053b1
SHA256

c5dad8cde5d4b31f507caff34dbc559adf9bbaf849392e0e7ae27b368a4f7776
SHA512

71e12c476c884901412dba2990c041889701453e512ae1cb780e2c1c1ca560581dc583caea55c8d163111ee3e236e36ebe635dfef39c52c07122593ebb96238d
SSDEEP

1536:19yAqLcTClp0TtVoDFxRNIdvkhrwuYyGnCRKMt7Zp:9qLc+laTtSDFxRmchrw5yOCRKMt7Zp

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2348	msedge.exe
2348	msedge.exe
4912	msedge.exe
4912	msedge.exe
1096	identity_helper.exe
1096	identity_helper.exe
6072	msedge.exe
6072	msedge.exe
6072	msedge.exe
6072	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4912 wrote to memory of 2596	4912	msedge.exe	81
PID 4912 wrote to memory of 2596	4912	msedge.exe	81
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 4920	4912	msedge.exe	82
PID 4912 wrote to memory of 2348	4912	msedge.exe	83
PID 4912 wrote to memory of 2348	4912	msedge.exe	83
PID 4912 wrote to memory of 2140	4912	msedge.exe	84
PID 4912 wrote to memory of 2140	4912	msedge.exe	84
PID 4912 wrote to memory of 2140	4912	msedge.exe	84
PID 4912 wrote to memory of 2140	4912	msedge.exe	84
PID 4912 wrote to memory of 2140	4912	msedge.exe	84
PID 4912 wrote to memory of 2140	4912	msedge.exe	84
PID 4912 wrote to memory of 2140	4912	msedge.exe	84
PID 4912 wrote to memory of 2140	4912	msedge.exe	84
PID 4912 wrote to memory of 2140	4912	msedge.exe	84
PID 4912 wrote to memory of 2140	4912	msedge.exe	84
PID 4912 wrote to memory of 2140	4912	msedge.exe	84
PID 4912 wrote to memory of 2140	4912	msedge.exe	84
PID 4912 wrote to memory of 2140	4912	msedge.exe	84
PID 4912 wrote to memory of 2140	4912	msedge.exe	84
PID 4912 wrote to memory of 2140	4912	msedge.exe	84
PID 4912 wrote to memory of 2140	4912	msedge.exe	84
PID 4912 wrote to memory of 2140	4912	msedge.exe	84
PID 4912 wrote to memory of 2140	4912	msedge.exe	84
PID 4912 wrote to memory of 2140	4912	msedge.exe	84
PID 4912 wrote to memory of 2140	4912	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9a921265d918a6c7dba0be7b6b3cb54a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc074f46f8,0x7ffc074f4708,0x7ffc074f4718
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11255698537102398480,5696021366885416654,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,11255698537102398480,5696021366885416654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,11255698537102398480,5696021366885416654,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11255698537102398480,5696021366885416654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11255698537102398480,5696021366885416654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11255698537102398480,5696021366885416654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11255698537102398480,5696021366885416654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11255698537102398480,5696021366885416654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11255698537102398480,5696021366885416654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11255698537102398480,5696021366885416654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11255698537102398480,5696021366885416654,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11255698537102398480,5696021366885416654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11255698537102398480,5696021366885416654,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11255698537102398480,5696021366885416654,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
66KB

MD5
0fe383a7ddb9bbaefc3105b3297f5583

SHA1
f80c9d789f251909c7560bd91a9e1b9a10c26362

SHA256
d7ad4aad4e48174c30ef21fc32c9380659d2c99a5c39680e10ed9752139d8683

SHA512
31de1f59377bc76e5d602d02273867ce750bbbccb7edc8f2803c0188002ecae6752ac3ec31c2108e64b0d871b01e6a8a06711969dc68bd9823303def0e7c1ee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
dcde7c94fc0f3485735426f46785aea0

SHA1
4250286c7c6cd9c5b5aadf6cdd2a53c5aab0c1b5

SHA256
fc5fdd2762a54ad4359a674b17e7022dd18f00db0062f86fe418c8030b9f0f71

SHA512
0ec178b87b64df9b76a82d3418cd3594ccb78cb8d427dd05d7ee19a5058636c6a5c571a730294ff3122de2c944d8bc6d9f861bf94b1e7cbd13ff2d384c03760c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
baec58a60b642f4dcea2abee6fc7ba5a

SHA1
ecdebe1ef0cceadb57aa8b3da206ce65b77a8f51

SHA256
7372e02b4df563f19229c2b6fd185c0c70d648c528e41538f63e9fa13b7a44f3

SHA512
e73df9117211caef992552c134d96dd1c74975f4c80c459d5a7a9b3775e72fce1b93d80147b710d56bfaef1889812654a37b2a72633680785f9187aed6181291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f39a1937a47fd932011b93e54919a6fc

SHA1
35d6fd671291b244da8813c781d06bdd3a14c56e

SHA256
c6291e65ff3e080cd2638255719870f13e55a59b8326d03b9372f03363f67173

SHA512
e380a67a6d438e4059bab89d2fd9b98908c953db7ca46285de6d229e4fcc47ee7fa5f0c528fc028afd6197de8d960f57f290dbfece23141857905d6952a2816b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7babf69d9b71c5bd1aec7b4e7df1d3c5

SHA1
a63ca01589741344c71927e66f18bc55ac65a8ac

SHA256
68f812c3425bbe07d908da13ee44830c30812d7ba78fcf45509f3b37bc9177a7

SHA512
a4af26682e779b5b3704e251aaec90c011bd1e497caa9b07aed15f5597245fe4f7bda8ad9cb28eda5b47122f08e4dabf26bb57d566921c8e301bbabfba558437

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
774b5669906de9f0f5f1a39fb03987a4

SHA1
7954c3a80f3ebacb9e324861f402c4629fd19bf6

SHA256
2c90533a0d64584c7bf02afef072c8298f36bc02282953830f9dfa0dac285050

SHA512
b66a361f998b64ec6ac8f8f3b88505b8b8c44fb26239e63b90d5bcd1d09934988e0ba90fd04dacdc258aa53b67483dda2009e6791b34db9e53440bda485ffc78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a16f8cce363eee7693e7cd5a6ce3e8a1

SHA1
f03a95d18fdd8645d60df4f4e91162386c86f80c

SHA256
b3f77d061b9df72c8c15cc6ab5d9ed88072e00898785130a21531964ec2c93fe

SHA512
26130a30a4489554b72ccf0755b4a4ba3fef733dc599a6991ba6ece612f29a1e631ca956365faf83d282edfe0b8c9231da373c7c2e78ce4a97c5b8e69174d7bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
457b2000b93e98ddd249ef3b527e4656

SHA1
b9925cde04dc0d5be060a695b46376b77fb801a0

SHA256
4432a1f8f5f38e5a362edb414d7261770d9cec04d4ed758be5100fef2bb29ae5

SHA512
ca25fea1577f5ebdddbfd09af22b8a2b827a7a65350d9bd5c14f0c89fc29599a061b780eb9992b394f104773a9fa6f79e5c69296f34bf270e5d6330d4cd16d03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0f31e421cf85bd2225819e6de8568b3c

SHA1
b91b426f88673412e629ccd20eb7667911dccacb

SHA256
32162fc0ebceca04afba1dc271a2f9fd0c16ecf9c6b1a6fa64595e0dbe98e495

SHA512
5443b9d24c681acf50ee87a91b75aa73614e3dc2345d82a1c1ddde22917c9956e8b7b7393a73d56f9846ddf09ce86d2129672bac3ba272c25047fb51e9abc501

Download Submit