79cb39f795a2f75e18700fd152ab00d58b0045064fab8306d2ae6cd83db62f10

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2024 09:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8df0fac43a0a2a50cd660a4f5dbacc0_JaffaCakes118.html
Size

95KB
MD5

a8df0fac43a0a2a50cd660a4f5dbacc0
SHA1

27a7e5d4db1ed82465f59dd8ba48ecd6109bb71a
SHA256

79cb39f795a2f75e18700fd152ab00d58b0045064fab8306d2ae6cd83db62f10
SHA512

4fe878c53b6a62d85ecdd82b6e4380aee73bbd37c069d7c9f9804441fb4cf974112fe51a595356cf2ede800bb172a8a0246d4d6ba99f5868cdeabad92fdd843a
SSDEEP

1536:isIVaDOuOpvUO6UOAoO46O9OzHn8GwOIeg+lSBdHNr1yjJ:isLUB6Anqsbnd/IdBdHNr1yjJ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4524	msedge.exe
4524	msedge.exe
1496	msedge.exe
1496	msedge.exe
1544	identity_helper.exe
1544	identity_helper.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1496 wrote to memory of 1140	1496	msedge.exe	81
PID 1496 wrote to memory of 1140	1496	msedge.exe	81
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 5116	1496	msedge.exe	82
PID 1496 wrote to memory of 4524	1496	msedge.exe	83
PID 1496 wrote to memory of 4524	1496	msedge.exe	83
PID 1496 wrote to memory of 2604	1496	msedge.exe	84
PID 1496 wrote to memory of 2604	1496	msedge.exe	84
PID 1496 wrote to memory of 2604	1496	msedge.exe	84
PID 1496 wrote to memory of 2604	1496	msedge.exe	84
PID 1496 wrote to memory of 2604	1496	msedge.exe	84
PID 1496 wrote to memory of 2604	1496	msedge.exe	84
PID 1496 wrote to memory of 2604	1496	msedge.exe	84
PID 1496 wrote to memory of 2604	1496	msedge.exe	84
PID 1496 wrote to memory of 2604	1496	msedge.exe	84
PID 1496 wrote to memory of 2604	1496	msedge.exe	84
PID 1496 wrote to memory of 2604	1496	msedge.exe	84
PID 1496 wrote to memory of 2604	1496	msedge.exe	84
PID 1496 wrote to memory of 2604	1496	msedge.exe	84
PID 1496 wrote to memory of 2604	1496	msedge.exe	84
PID 1496 wrote to memory of 2604	1496	msedge.exe	84
PID 1496 wrote to memory of 2604	1496	msedge.exe	84
PID 1496 wrote to memory of 2604	1496	msedge.exe	84
PID 1496 wrote to memory of 2604	1496	msedge.exe	84
PID 1496 wrote to memory of 2604	1496	msedge.exe	84
PID 1496 wrote to memory of 2604	1496	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a8df0fac43a0a2a50cd660a4f5dbacc0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd08de46f8,0x7ffd08de4708,0x7ffd08de4718
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,2032408098909181225,4768329781804652363,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,2032408098909181225,4768329781804652363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,2032408098909181225,4768329781804652363,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2032408098909181225,4768329781804652363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2032408098909181225,4768329781804652363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2032408098909181225,4768329781804652363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2032408098909181225,4768329781804652363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,2032408098909181225,4768329781804652363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,2032408098909181225,4768329781804652363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2032408098909181225,4768329781804652363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2032408098909181225,4768329781804652363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2032408098909181225,4768329781804652363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2032408098909181225,4768329781804652363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,2032408098909181225,4768329781804652363,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
44KB

MD5
23536ccfe05b737ae639fe63ee4cc435

SHA1
6d2e9822835dc3e6117a4d2addfc8f241fbdbc82

SHA256
6ae9edfc411ede03661a3d910fafddab3d6b313d1f4668dc8c5a84c5ab23a3ce

SHA512
f416e36b2322bbebd211fd1ea69c88883f00c7b00f14474a5fcce4a408840c0d1b0304eb8941509a38157d0583485f638959eb7d5b9ae668aa88c1d3eee8dd0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
80697df66a181f5d70bae9b86b393810

SHA1
c6c31b92929015d1f3dae43961dd173ff7ba8ed4

SHA256
a9d6a1daf4623cb992dfa19ed1464de71950249f1710d17607a5b382b38dccf9

SHA512
0f84974fca0480a5cebc84f14dda97c86f8c6962bb84fa1842f2b9d5b1128c70d3bd97474ea072fc74d31a8e611e1b66684f6bed198fed039b7a32953d6a924e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
db4d413f76bcf5405f2dc3f5bcacdaca

SHA1
c8421bf313dab3550db92256a273cab2772b9696

SHA256
d2067dcc8bcb0b5d5470ef222cb577e7a3c50685ba103cff56af7eabedad5ced

SHA512
bb789212a693ba757a5b64c3c1408db18078ab3a086351ea03a79e9ca3433c89285f0bd6a30a41254cc455d54e254401e3fdbd7165acc00f1c6e452cbde12c7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a6ccce54326b37c113b950db449d0367

SHA1
434719923b064c9910c7cc46d41470889fc25184

SHA256
178d86eb2649e6eb9c5b303b4f0d25c2d00769211e72f2a718cb156c86ab1118

SHA512
7125d8af3efd4f967b2347f98340161f7eceb52d311df4c1d0990bfbedd7981906e98a10df8f8160e7415cfa79c74e7bfa78b01a973cc454df9a0f4c3dc7e304

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e7b72573b936ef1757fcf7b07dcf1bc3

SHA1
62464f158a20817ccc8130b70af17fd6fbf88316

SHA256
6eb4e6537f0966eb933fb2754c8c725ee868538de347e1b1a944582bf77fec13

SHA512
2962da1a893c85f031002159f771cc59e841210ff741827c7e2c5b21c716e67cdb4b775602ab981f24f62203817d32da85174c775ea9471a80dcfd75da74c8cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4f8bfa700a1a18a51e5024d13e20f0bc

SHA1
3c5cfed6fb0f3fb86e69c75281b8279ce2b960d8

SHA256
c60cdeb52a1bd45d2151072758c4bfc7f02729b9a3f1d62497a719022c19dcfa

SHA512
d377e2a182b95e5a8b08904fb86d71d173e3024df9e43157b015161ba5e8c9290ba8308739d4340c664ec11878644f2db9086959de175ba54ea2316b99ff35c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
321fee59f5ab34ef1abf24df1014f621

SHA1
f636d18badd0772f5e3091389298cedb74530ef6

SHA256
332f87e5702d7894226737026270182893ef64667d7412e29daba5275fc32ca3

SHA512
0e81ff56fcfb8bab431751530896954afdf7d48d982e4a74b61de4b7acde197381a3a9765a9c91e55c1c61df311b6a3f5c18871d24887c4fa01d076acc216c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
605b0249d4c2eaf6f01cbc5e64d4b326

SHA1
76edb947e644a782ad3d9dbd344c7b1bda1f3ad1

SHA256
f4d6640c204de44b3999361cb548918f2ad0db6c98cbbfbf25ecabe3f2d7fdaa

SHA512
866c2a1be4ec917a2c22c83abb4109dd24f19d6628fe0074303b087f941c982b7acef221ac6a70d5dae3080948e36fb4f43074d364c4eab90c9da9ac8a3ac48f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d75bc6992960c0dcee8c4d558d956ba5

SHA1
d5f0e9db6c769973c36d49acd0c6e6acab4e28fb

SHA256
295e18efd809e10af33836da07e40888b284de971041f8700630dfe87f852965

SHA512
97fc49ac5959713f0f8b4aa7d706b68fa3635e6281854d8fb336f41d3bb29532a0ae843f4726a89d4480b87e17bff2a976005fb5f7c8a9da591fa24242e300c9

Download Submit