49bbda0b02324a1e225a667a9363102c3442822d0b4f4c15b88917b0d269b252

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 09:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39507a214634392a40fd907c2dd8247d_JaffaCakes118.html
Size

175KB
MD5

39507a214634392a40fd907c2dd8247d
SHA1

3f0663fc4cfbadb830ced55a3ac628e604d424a6
SHA256

49bbda0b02324a1e225a667a9363102c3442822d0b4f4c15b88917b0d269b252
SHA512

b0cb96292a614dd0eb4b7624fe7ed57de680f421d0c02b843e0d634f0dda7d246f4bfe3f2b3f01fd405796e13a196b6c63f4684a94fa7bfe64fd52c1c062b5de
SSDEEP

1536:Sqtz8hd8Wu8pI8Cd8hd8dQg0H//3oS3AGNkF5YfBCJisE+aeTH+WK/Lf1/hmnVSV:SOoT3A/FcBCJiim

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3736	msedge.exe
3736	msedge.exe
1820	msedge.exe
1820	msedge.exe
1140	identity_helper.exe
1140	identity_helper.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 3348	1820	msedge.exe	81
PID 1820 wrote to memory of 3348	1820	msedge.exe	81
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 1236	1820	msedge.exe	82
PID 1820 wrote to memory of 3736	1820	msedge.exe	83
PID 1820 wrote to memory of 3736	1820	msedge.exe	83
PID 1820 wrote to memory of 208	1820	msedge.exe	84
PID 1820 wrote to memory of 208	1820	msedge.exe	84
PID 1820 wrote to memory of 208	1820	msedge.exe	84
PID 1820 wrote to memory of 208	1820	msedge.exe	84
PID 1820 wrote to memory of 208	1820	msedge.exe	84
PID 1820 wrote to memory of 208	1820	msedge.exe	84
PID 1820 wrote to memory of 208	1820	msedge.exe	84
PID 1820 wrote to memory of 208	1820	msedge.exe	84
PID 1820 wrote to memory of 208	1820	msedge.exe	84
PID 1820 wrote to memory of 208	1820	msedge.exe	84
PID 1820 wrote to memory of 208	1820	msedge.exe	84
PID 1820 wrote to memory of 208	1820	msedge.exe	84
PID 1820 wrote to memory of 208	1820	msedge.exe	84
PID 1820 wrote to memory of 208	1820	msedge.exe	84
PID 1820 wrote to memory of 208	1820	msedge.exe	84
PID 1820 wrote to memory of 208	1820	msedge.exe	84
PID 1820 wrote to memory of 208	1820	msedge.exe	84
PID 1820 wrote to memory of 208	1820	msedge.exe	84
PID 1820 wrote to memory of 208	1820	msedge.exe	84
PID 1820 wrote to memory of 208	1820	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\39507a214634392a40fd907c2dd8247d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff85cd246f8,0x7ff85cd24708,0x7ff85cd24718
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,6986140060340078406,8030857618161983812,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,6986140060340078406,8030857618161983812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,6986140060340078406,8030857618161983812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6986140060340078406,8030857618161983812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6986140060340078406,8030857618161983812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6986140060340078406,8030857618161983812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6986140060340078406,8030857618161983812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6986140060340078406,8030857618161983812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6986140060340078406,8030857618161983812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,6986140060340078406,8030857618161983812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,6986140060340078406,8030857618161983812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6986140060340078406,8030857618161983812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6986140060340078406,8030857618161983812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6986140060340078406,8030857618161983812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6986140060340078406,8030857618161983812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,6986140060340078406,8030857618161983812,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5228 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3b0d8fe79ad08ed8_0

Filesize
243B

MD5
b22b6ae29cea6dee623f0826d462379d

SHA1
8cfd90b7f22a7c385b120078489e3e1b964067f2

SHA256
eaf8e921ac1d11e7eea76b56c4a878b1164938dbf2697a9a857d09b3110122a3

SHA512
fbf66b7a2b9c7e0fc101f27287e394fc25575df508cddccda97afc6cd0b878da3db0f69e7be80aa8fd14efc72f94d7736f7563534544cf926ae6fd047a8aaf2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
69e4806aa06900e9f45fcf00075b53b0

SHA1
29c63745f207a01c86897b5b6bc81a2754ea28b7

SHA256
67aaaba5e29a0e8558854eed312b98ae144c606a87120cceabc55ab8368fb286

SHA512
05151334d93ee6701f85583201629dc5a5c6d593c2faa30c48be44ea0fbbb56a3af562a97cedd77cc98648d3d4c68c714b3fe50f745a606ad3e58051787e6daf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6044e877c032ca0f686c20ac89d6f7b2

SHA1
4798f2748142388627973cb19e07bc424ac38af7

SHA256
2e5d9161d99569a146ce4439c81de6660fff2d2a569204354231af80e57f3c46

SHA512
664680957a826c57fc8d83c047d761dd299223f65d624e780ca6c6423b2c9476aad985eb888115c41a6684accce1d5066e95162596d4d8c9dfbef426b5dea5e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
017c81d17476f8572d0e447a7b5bdfe0

SHA1
31ebf543de8938ba60aa620f7b8688156d2da129

SHA256
ec8afb4eb2f9c2434010b0f403213b69ec4ba772914087e0571d5efd233e63ea

SHA512
639dd9d4e1a7d9ca290ff13e3a2482d3ed87b6b2d75339cf3d94b61f528058efb0c22310c786f538b9cf496cb1c6872bc430db7818fab7d1a7645f5a49c498f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
22e04aec1af290a09fbdb06b4288bd1a

SHA1
f8104f153edff373cc557322cf06825a76624f7e

SHA256
c32dd782601b33797e172e4539d8d27516c4a2ab7d809a9ede886b000ddc67e3

SHA512
9098209db500ca5debca9e4ed8d15939e0328cb5bf8f95b5dd91259c1494e0f2a61aa758201f3aff2ffc36e13986b626cafda638827a27fe552ac68dbe54314c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6f3c4841502adaeda7ead48a410ce1ce

SHA1
0541770af6fdda64e14406362de17da5cbcaa800

SHA256
af45a62ea2fd7a9e3882a89bd8f62a039909f717c1e2407a90c0bde913bee95f

SHA512
c873fd6c0e98e635a54ce1c29085b7b49f09b1212d5b37bd2f543f9c7847259d80dccb4b462b79d2f81c19b6a90ebb865a66e1583846817760b70dbdbfe540ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0f61ad675848ec91075f5c9032c3ea59

SHA1
bbc53f9c0eb89e69cd71044218c509b9c30432a6

SHA256
bdf1bf814bcb94e7f9c034f37a93994352a3dc9cf98ed8fff6e753697694db12

SHA512
53d799f66d911995bcb120d0963eea79aa3adafe98fec18b0ef8ef3f8a88d1284fc00564213016d10f385d8f42f8279f93b939f5ae564cc75f3598bed834e355

Download Submit