2288f66460a34176d2280bb1869326fc14ad46a659955cd1c36e3add7056fe9b

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 07:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ae4ea07160f5bc42543d9b3bd75f0911_JaffaCakes118.html
Size

212KB
MD5

ae4ea07160f5bc42543d9b3bd75f0911
SHA1

33d13e45eb243d71766e45b2c0469ccaf564b695
SHA256

2288f66460a34176d2280bb1869326fc14ad46a659955cd1c36e3add7056fe9b
SHA512

a092aae1d3b0a5b4fa0e2d2d1366f35bdbb71bf4a40f2da491696f3263a8cbcafa7a3f51076a5f71368157f399fc275fdf00af3a1a0d1df338d5e11d5770ec67
SSDEEP

3072:lPPfQ4SPZD3UcjvG8rMJcXmNRS7xaIybhzRPaqyxf87DIk31:GJtXmNRwWRPa5E

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2752	msedge.exe
2752	msedge.exe
3492	msedge.exe
3492	msedge.exe
1460	identity_helper.exe
1460	identity_helper.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3492 wrote to memory of 3932	3492	msedge.exe	84
PID 3492 wrote to memory of 3932	3492	msedge.exe	84
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 4216	3492	msedge.exe	85
PID 3492 wrote to memory of 2752	3492	msedge.exe	86
PID 3492 wrote to memory of 2752	3492	msedge.exe	86
PID 3492 wrote to memory of 2480	3492	msedge.exe	87
PID 3492 wrote to memory of 2480	3492	msedge.exe	87
PID 3492 wrote to memory of 2480	3492	msedge.exe	87
PID 3492 wrote to memory of 2480	3492	msedge.exe	87
PID 3492 wrote to memory of 2480	3492	msedge.exe	87
PID 3492 wrote to memory of 2480	3492	msedge.exe	87
PID 3492 wrote to memory of 2480	3492	msedge.exe	87
PID 3492 wrote to memory of 2480	3492	msedge.exe	87
PID 3492 wrote to memory of 2480	3492	msedge.exe	87
PID 3492 wrote to memory of 2480	3492	msedge.exe	87
PID 3492 wrote to memory of 2480	3492	msedge.exe	87
PID 3492 wrote to memory of 2480	3492	msedge.exe	87
PID 3492 wrote to memory of 2480	3492	msedge.exe	87
PID 3492 wrote to memory of 2480	3492	msedge.exe	87
PID 3492 wrote to memory of 2480	3492	msedge.exe	87
PID 3492 wrote to memory of 2480	3492	msedge.exe	87
PID 3492 wrote to memory of 2480	3492	msedge.exe	87
PID 3492 wrote to memory of 2480	3492	msedge.exe	87
PID 3492 wrote to memory of 2480	3492	msedge.exe	87
PID 3492 wrote to memory of 2480	3492	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ae4ea07160f5bc42543d9b3bd75f0911_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffadfb446f8,0x7ffadfb44708,0x7ffadfb44718
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,18117663001910959489,17420259442072275870,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,18117663001910959489,17420259442072275870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,18117663001910959489,17420259442072275870,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,18117663001910959489,17420259442072275870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,18117663001910959489,17420259442072275870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,18117663001910959489,17420259442072275870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,18117663001910959489,17420259442072275870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,18117663001910959489,17420259442072275870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,18117663001910959489,17420259442072275870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,18117663001910959489,17420259442072275870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,18117663001910959489,17420259442072275870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6368 /prefetch:8
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,18117663001910959489,17420259442072275870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,18117663001910959489,17420259442072275870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,18117663001910959489,17420259442072275870,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,18117663001910959489,17420259442072275870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,18117663001910959489,17420259442072275870,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,18117663001910959489,17420259442072275870,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
21KB

MD5
dc52475756e1c2cd28a642483362cfea

SHA1
f3ac327ef03dcde06f67e14c832fc8192720c5ea

SHA256
101e409217ecf85114a73cb222e256680fed2c01985839796fd7ee33abba9f2c

SHA512
51d10255550361a1d3bcb0ddda3402e7479c7babfe109982d6fd0143df08699ddcf6119c09b6f3ba357419a6d2828815c750a362c67a7e10b3159df8702af4a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
02df4627f880b57eca1c41720b4822ad

SHA1
1739f889a9f4f688b1b3fa84e1a82ab425660178

SHA256
b50c229795be593479d1e5a725064960308d5f476196bc40bab13a4e0e97ac7f

SHA512
6296e4b873d368c89310a1cc39a512c7cab4ae6ce168c72854c50d36243b118251ef8e44ac9c519a6156184055f18192f994fc46eedc270103d8b07da89be4ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3ccca56ad20f30e4e27e0eb136a3465e

SHA1
681bd77c1ab34a64dacd47702650a536372c02cd

SHA256
e826bdc457c10eb3d9648cdd14dafebc8a5f70ce5e35b72adda92308889e2b53

SHA512
124b0d53021d7b64111a307dec6b5ccd096a91bd8b14c0ae6843061411104c1a2d6f1248ac3a1f87c917ceb3b6565c13ed188038f97ca86bc9a0d7333a6ef9c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1dd9e3bcf93b0cc6e97b6418be39841e

SHA1
bd33940226ac05693d51d13c380db1d767d09a31

SHA256
7085c4036309147ae960fd5086254ea721dc4f69b6624791aa5a0bad274100de

SHA512
23c8951e87f676adba894aece6574dcd6c30db037c415366574c76bb3c17871684726933968d10b56bb16529481d0f67197ab04fe92d8bcd5fe67915104599f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
21273685f81c6ed526736ac44774f33c

SHA1
03108d6a6b548de62e94b9cf807e3b4791648269

SHA256
1b104fef69ab552534878d57c69687a28baae8fc1c87560284c4cf0094957ef4

SHA512
b53493140ea70dc8dee4f1aa488e4b9d022d10763459b89fc9f9659174539088b6983ba3d2587a01a5a9c5fc46b66623c980170e8a9c661491b83ee2c98d49fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
966e579c0fe99fafe9c6a50e8c848668

SHA1
21be2e6f324e8fa8014d0ec4e37ecc245355dc2a

SHA256
548a384ce7896bda2e73d8e31780e8ad1e85303ef3a1efc2ba07d404bef21c4d

SHA512
01421dbcd7da97e495799610cbe088344ac3eb808dfcd1e2f9f498993a84aa02d0f12185505470a74b9741366809f4cd68d6d59af68160a963a69e8b96e5ba5d

Download Submit