3cd6e56d95d2780d71e2c342fa2bfc84af361a4f62cab695a31aac3721eb9f28

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 23:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3045808a38800cd159911f1917c9857_JaffaCakes118.html
Size

21KB
MD5

a3045808a38800cd159911f1917c9857
SHA1

d7ea0a36edf9d0cae4c249b0ced42f8cd9493623
SHA256

3cd6e56d95d2780d71e2c342fa2bfc84af361a4f62cab695a31aac3721eb9f28
SHA512

a20147627dc99a68ce7751bcda7b11e16c93d782b25eab1c1369b69ccd228ede3b31c2499b7e6d8dd5793b2925eb9c7a72e58dbbd8717b3b3aa7201de823ef4f
SSDEEP

384:twAvbybHf4+1kM0YBYfOdWHHytAOqMXMPqPpHXum75YxMj1esgtC7vjl6JftgnBt:rKWS2SvOenDMcAwPFdQikin

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4884	msedge.exe
4884	msedge.exe
1668	msedge.exe
1668	msedge.exe
756	identity_helper.exe
756	identity_helper.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 372	1668	msedge.exe	81
PID 1668 wrote to memory of 372	1668	msedge.exe	81
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 1324	1668	msedge.exe	82
PID 1668 wrote to memory of 4884	1668	msedge.exe	83
PID 1668 wrote to memory of 4884	1668	msedge.exe	83
PID 1668 wrote to memory of 3936	1668	msedge.exe	84
PID 1668 wrote to memory of 3936	1668	msedge.exe	84
PID 1668 wrote to memory of 3936	1668	msedge.exe	84
PID 1668 wrote to memory of 3936	1668	msedge.exe	84
PID 1668 wrote to memory of 3936	1668	msedge.exe	84
PID 1668 wrote to memory of 3936	1668	msedge.exe	84
PID 1668 wrote to memory of 3936	1668	msedge.exe	84
PID 1668 wrote to memory of 3936	1668	msedge.exe	84
PID 1668 wrote to memory of 3936	1668	msedge.exe	84
PID 1668 wrote to memory of 3936	1668	msedge.exe	84
PID 1668 wrote to memory of 3936	1668	msedge.exe	84
PID 1668 wrote to memory of 3936	1668	msedge.exe	84
PID 1668 wrote to memory of 3936	1668	msedge.exe	84
PID 1668 wrote to memory of 3936	1668	msedge.exe	84
PID 1668 wrote to memory of 3936	1668	msedge.exe	84
PID 1668 wrote to memory of 3936	1668	msedge.exe	84
PID 1668 wrote to memory of 3936	1668	msedge.exe	84
PID 1668 wrote to memory of 3936	1668	msedge.exe	84
PID 1668 wrote to memory of 3936	1668	msedge.exe	84
PID 1668 wrote to memory of 3936	1668	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3045808a38800cd159911f1917c9857_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeefbe46f8,0x7ffeefbe4708,0x7ffeefbe4718
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,16884925021810030146,16837754186425073868,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,16884925021810030146,16837754186425073868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,16884925021810030146,16837754186425073868,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16884925021810030146,16837754186425073868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16884925021810030146,16837754186425073868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16884925021810030146,16837754186425073868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1264 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16884925021810030146,16837754186425073868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1308 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16884925021810030146,16837754186425073868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,16884925021810030146,16837754186425073868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6328 /prefetch:8
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,16884925021810030146,16837754186425073868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16884925021810030146,16837754186425073868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16884925021810030146,16837754186425073868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16884925021810030146,16837754186425073868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16884925021810030146,16837754186425073868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,16884925021810030146,16837754186425073868,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5868 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
cb46505646e906c38a0172a8a866344d

SHA1
ae302b082ad95c294d7e45d90071fc2a101f8e01

SHA256
938659cb09f672a8bc76de9a6606a64af6a9f4f8566180701ea4d12d1bffe242

SHA512
68bd9ba3b40993c6adb940fadcb763428eec1786bd85f225bc0ca94a2a3304b33717e8afa0530b12f6955b57a4a579479b60e2c95dee66973955f92586557ad8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
28280036780acc7d32660791db616dc6

SHA1
9a600a88b5c2769ad148c6a7ab765e0376e5ee65

SHA256
b931ee184a5186ecfc721d4aee3b2bfd0d9241005da5f14b09633712c1fc2a5c

SHA512
a6bf517cf21f1b8a17d9fc58097438b36656389678a7474f561753a3c40897d450006d4bc2959339f0798b025faf4da3ca78af1b2e0e410f7be4f5285980bb8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5a4a2c7f1cf1a590d4c0c8765fe110ba

SHA1
683ebd145ea0c9d631cd36e0eb301743b574b28d

SHA256
bc7886a3e31e9def8a2bc8755181016cfad814eb9e59eae7b8a3c908d4b5eabb

SHA512
50ae6a91942cdb7e90cafd76ac71adcbef447e73ef6913f20fdbca8a35a4d1be34458262673206c9d2441e775a571dbc8c6e081a0efacf0638cc3a90d4da3b3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
304B

MD5
5b77a6fd3950290f41d7fb7d732f965f

SHA1
215796e04fff1f9d7c153dfb1cce66e23a9dacb1

SHA256
7f589dcd3288c10586b42122ca9a8562d8aede435890e48c29b3957bcefe92be

SHA512
ca5d9a46fb2a630605ab70f4f47e7c359dba9fb85df0a30cf00dec4b3d4475522d4b5c78994c6847795fb83ed1df4ad56d81d99db40864e24e8ca58627e44fb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3ee2f86b24e5cf621dce78e08946acea

SHA1
efa92f7dbf68b9cf047a33b119a4f662cf610554

SHA256
09915c10100d2221b7797fc0cf40feb77fd61fb42fd5d5dcf3da001c8883019a

SHA512
808b866a8623bd8bc3b94baa4fcc4998a4e7d461ee60a188bc6752b0b48f1a3d9cb8b6aa4ebacca8fb561766fdb0e64bb3f5d920e52584304a7d9bcf67cd0879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17642a5cc9bfac2b77fc2a1bca56540a

SHA1
e3cf9af78f10bce93a561e46f531e32ddf7fba24

SHA256
88139b62de5a8d23490438b3c7b118744426a0f019559dc6102de86dce20f752

SHA512
e216f4f6bdd6f10f54eed69b89e733cc42aef0b1595009e2d2478656548adf393f3e884eee60dd4cea5c9b475747c763c9c3f46aaf1f6592743fb4a663cd804f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
89926d993b3f568d2a984a6cdfb60d19

SHA1
cc9716ab9821308bba28c1cd422e2d76104d5a19

SHA256
f2673b6ed2e87e9fb62eff6231c9900bbdfc519f17cab6efe59a0ec8a58c2f57

SHA512
53a378f1bc78b6cc48ef3c233313d9c62f289ffa12d59282d5b7e913bbb9a9aced234e30aa3bbe94b8603f17d0dcb34390ce0c4e2de67a01950002fc4da2b4f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3b8107100722aa0d6b42eb30c293631f

SHA1
41054af9f69d2daf6357129186da9327a0738ec9

SHA256
0f605161f35b52b52f0309e0f60d512c80886621a2fb452317a8685c3a05fe17

SHA512
304aae93233fd64e191f94dd4fc1592d89364415db92b93d045be9fdd098f5b18d3059525b6d8c9495d6ae38dc14081dd432f7056b7cb37b68ca44e9508d4373

Download Submit