7bd40b8f81297c070c8420c20da99784736f1a932820b2f14efc213b1bbf768f

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2024 13:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

951280df0d62612c99359f33d6989fb3_JaffaCakes118.html
Size

78KB
MD5

951280df0d62612c99359f33d6989fb3
SHA1

6f631d2010c92c34ef0f60db46b6ac5f041f8694
SHA256

7bd40b8f81297c070c8420c20da99784736f1a932820b2f14efc213b1bbf768f
SHA512

a5dca015e4d2740654c9b0ce4fcc6e7f4a93692ed25e41a965176194f60594b820db4d939d3def24c1faf927e24a37df19aaad2139bb2de5c1704a70f02cb996
SSDEEP

1536:Pui6zHgXBsCAS2xd0qiERGjK98tXeK98TOsmhnyh1ddoy:mi6TgBso2X0TEkjK6XeK3yh1N

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5044	msedge.exe
5044	msedge.exe
2644	msedge.exe
2644	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
3296	identity_helper.exe
3296	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 3640	2644	msedge.exe	82
PID 2644 wrote to memory of 3640	2644	msedge.exe	82
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 4676	2644	msedge.exe	83
PID 2644 wrote to memory of 5044	2644	msedge.exe	84
PID 2644 wrote to memory of 5044	2644	msedge.exe	84
PID 2644 wrote to memory of 4740	2644	msedge.exe	85
PID 2644 wrote to memory of 4740	2644	msedge.exe	85
PID 2644 wrote to memory of 4740	2644	msedge.exe	85
PID 2644 wrote to memory of 4740	2644	msedge.exe	85
PID 2644 wrote to memory of 4740	2644	msedge.exe	85
PID 2644 wrote to memory of 4740	2644	msedge.exe	85
PID 2644 wrote to memory of 4740	2644	msedge.exe	85
PID 2644 wrote to memory of 4740	2644	msedge.exe	85
PID 2644 wrote to memory of 4740	2644	msedge.exe	85
PID 2644 wrote to memory of 4740	2644	msedge.exe	85
PID 2644 wrote to memory of 4740	2644	msedge.exe	85
PID 2644 wrote to memory of 4740	2644	msedge.exe	85
PID 2644 wrote to memory of 4740	2644	msedge.exe	85
PID 2644 wrote to memory of 4740	2644	msedge.exe	85
PID 2644 wrote to memory of 4740	2644	msedge.exe	85
PID 2644 wrote to memory of 4740	2644	msedge.exe	85
PID 2644 wrote to memory of 4740	2644	msedge.exe	85
PID 2644 wrote to memory of 4740	2644	msedge.exe	85
PID 2644 wrote to memory of 4740	2644	msedge.exe	85
PID 2644 wrote to memory of 4740	2644	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\951280df0d62612c99359f33d6989fb3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1cde46f8,0x7ffc1cde4708,0x7ffc1cde4718
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,14850685737922698286,14091487154373644662,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,14850685737922698286,14091487154373644662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,14850685737922698286,14091487154373644662,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,14850685737922698286,14091487154373644662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,14850685737922698286,14091487154373644662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,14850685737922698286,14091487154373644662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,14850685737922698286,14091487154373644662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,14850685737922698286,14091487154373644662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,14850685737922698286,14091487154373644662,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5616 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,14850685737922698286,14091487154373644662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,14850685737922698286,14091487154373644662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,14850685737922698286,14091487154373644662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,14850685737922698286,14091487154373644662,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,14850685737922698286,14091487154373644662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,14850685737922698286,14091487154373644662,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:1
  2⤵
  PID:2736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\48fd7c03-42c3-45f6-84b6-00f616c62354.tmp

Filesize
7KB

MD5
6e074f19672dae5d42e861b8ea784b25

SHA1
fe914e16301999ea051f997e3d1e67c978d39094

SHA256
acba71619acc36f8222d592509fce7c3e28f99c3ee25b908de0bcff70c1b83dd

SHA512
f2c1e7bc1ac6c2dd446c13cf3ce8e4984b63a3232ffccb8728cd715f79eeecfe2c06701f804ec75dd69cbbffb5f025c8f05be8b00139ab07c7013aa752bf4cf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
41KB

MD5
9631c594f55c395f07b12046cb8fbf9d

SHA1
cd6532d1689166c19477923c73083eaaf8cd21e3

SHA256
a56a5d0f5f612bd39fb02fa1ff7a721a33fcb841f40c48757381b3b7c4a25726

SHA512
5d3bada46dbc583755c279b5ff3c155e15f16d51b6522752ab289bdb62b71abe1d91def5733ef7e77fc01d127508d07e2c67e731bde26a478c4780c8918ba105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
be60ab83814edac90b528ecb7fd50223

SHA1
a1bb68ee945088e14c0834a5bd1a2a1ede5dad92

SHA256
1f5b50efb380a123f4aed7a0d54700c2af1b4e4acc5c9c87fab473c1b040de12

SHA512
dc0c998b9c1aace9ed8128f85311d36129cf08175380c7281ee012df1705dbdbd25a1fbb2fe8fd807f9393534ede8145199fe0ecef2973490bf559a37e84a7e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
334148d658908ef1168355525c0b838a

SHA1
7238bd4c1bdd37ca83bf36c750e730ae1f1a71b4

SHA256
6879def6b03ef8188120e35340401c39b008e3176a4578d21b943db11aef43a7

SHA512
928b7040dbed1c1a6ef206ef557edbd95b4733cac7e0159108ae4a8163e70f8e5b94ffca5ac3f7f18c96a03a1469216e5e2e60439732528b883c871b71600652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c22ea91497ccfc95f6c04842989f0a02

SHA1
9e8ec6f17edfae41a57e0d0bf6c54d1d529b2d0e

SHA256
d98059ef224ad44fc0579105e6422ad30ff9f0e98309c314c59610189bfa4808

SHA512
97f06a7d918e7fec0ef091e8a2ca548f958cb1d2684140f4218412343fd22ec81788e83a206dabee726b756cfda57b92aac16ed0fb81c91204921555da31d593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fac1390226fba3853ee8da7cbd20f5b8

SHA1
e4f7b631323f95cd32b7409757f7114709637bd4

SHA256
bdfca8a4ccd4b4ee1db1cf0148e08760cfaefd841534ac7b98b25cb90ebb3f3a

SHA512
835140b5a2bd181fc4990968fd977368fd77c8b232d28175466da6251aab97ad4fdf0eecebd7fe6deb693e2b37ec2d6edbfe1a2edef9be41046dd4b2eb9f745e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bcca8c0a0207ad01697c624dcae657d6

SHA1
58407bacf81f00c1d8fa0fe19280788f9fb59269

SHA256
eb717cf18d8aaaf3d37af5976cc16ea5dd86ef93dcd255407e8269c85bbf0043

SHA512
999d9810178afb466216248d122562943ee00414f31ab960ebb21795af29095202e2361a880f4482a06901a2b5b8a1c77c676e51e60d810230cbcab882da9d2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ae5bb4fb6ce848afd7c8af3fe2d8c848

SHA1
d3a7e063c6d169668996cd3d0be3c3521491e653

SHA256
12cad09a9e33603bebc6bd71a4cf86c8d3e1f83b6893214fdb86793271e766a5

SHA512
830219a58fe48c0a7b68fa4dc82d2ca626fcaca55da23d7af6c3d3238056e5598df1a369cf64c32fa292df6096e501f5fdbe721911fc3b02f7770e7db859dec1

Download Submit