1a01b829f860f823f533eb7eaee3ba7dd40ed340973fbc5710466f1fd16f8128

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2024, 22:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c4b73e909516ee1844667e24a9dfce13_JaffaCakes118.html
Size

27KB
MD5

c4b73e909516ee1844667e24a9dfce13
SHA1

33abfa8a35f2cf1c7b27443d4e7669b951eb2396
SHA256

1a01b829f860f823f533eb7eaee3ba7dd40ed340973fbc5710466f1fd16f8128
SHA512

564c86f5f0e260ee21a2cacdf8760ea6fd170c3dbed4b7f73c709046edd7e087bf67cf416619822a7b90b65454b655903dbac017ba99edf1c9e2e528244ce104
SSDEEP

768:mkdlSFcT++HYCGy7DpejlayV09fd/E9YzGvJa+G:mkdlSWT++HYwDpeRayVcxE9YzGvJa+G

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3020	msedge.exe
3020	msedge.exe
4764	msedge.exe
4764	msedge.exe
1964	identity_helper.exe
1964	identity_helper.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4764 wrote to memory of 4228	4764	msedge.exe	82
PID 4764 wrote to memory of 4228	4764	msedge.exe	82
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 976	4764	msedge.exe	83
PID 4764 wrote to memory of 3020	4764	msedge.exe	84
PID 4764 wrote to memory of 3020	4764	msedge.exe	84
PID 4764 wrote to memory of 2628	4764	msedge.exe	85
PID 4764 wrote to memory of 2628	4764	msedge.exe	85
PID 4764 wrote to memory of 2628	4764	msedge.exe	85
PID 4764 wrote to memory of 2628	4764	msedge.exe	85
PID 4764 wrote to memory of 2628	4764	msedge.exe	85
PID 4764 wrote to memory of 2628	4764	msedge.exe	85
PID 4764 wrote to memory of 2628	4764	msedge.exe	85
PID 4764 wrote to memory of 2628	4764	msedge.exe	85
PID 4764 wrote to memory of 2628	4764	msedge.exe	85
PID 4764 wrote to memory of 2628	4764	msedge.exe	85
PID 4764 wrote to memory of 2628	4764	msedge.exe	85
PID 4764 wrote to memory of 2628	4764	msedge.exe	85
PID 4764 wrote to memory of 2628	4764	msedge.exe	85
PID 4764 wrote to memory of 2628	4764	msedge.exe	85
PID 4764 wrote to memory of 2628	4764	msedge.exe	85
PID 4764 wrote to memory of 2628	4764	msedge.exe	85
PID 4764 wrote to memory of 2628	4764	msedge.exe	85
PID 4764 wrote to memory of 2628	4764	msedge.exe	85
PID 4764 wrote to memory of 2628	4764	msedge.exe	85
PID 4764 wrote to memory of 2628	4764	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\c4b73e909516ee1844667e24a9dfce13_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcccc46f8,0x7ffdcccc4708,0x7ffdcccc4718
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1200 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
20KB

MD5
4b3121a05808b99aa6e0cc12924f77db

SHA1
ee5805bb76c384d1e1667aea2976bd2f4f94c7cc

SHA256
e4fea32bac89d9ad34b13a25b0b4da1321920b2c6be2cabb75ff91bf6109152c

SHA512
9b83d55691b41d2a45a542d163c1b6a47208969720ec1fd15233f29ddcef2243e79895cfcb008767f91b3d1cf3a6288248e8b1ec50027eb96db04cde56cb2605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
2664e2d490c4708eed9e2d80fa93389c

SHA1
d15f43412f1fda19823945aff28c42fbcf891b36

SHA256
2fe0b8b9eee6bea041b959f19fe3dd3f4ac15769f7b8fec62dc31dcdf5a0e716

SHA512
cb80f1676a26498a7c14fa80c07a36444205fdcadebbbbc9073afc063912a979e17a32fc0d17854df0dc25e0b56b8add5baa89fc1ecc12122a4925fe4c13450e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
5cf7f265da54083d84d305f7e9e35b62

SHA1
071fea05064f67b167779180f5f91170db3710f9

SHA256
a306c0f54f2dc7293aafc1707a9c5bce29551d83f641a8cd456f6e8d69fdff45

SHA512
e1ad38520d0485832cce6f099818ba79dcbc1492cee3089c60a9259852ba9a7a5aef6f930c4ae27d05f66923d117bc8b2ad91619ccf45b286476a31de1e8d297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
50f54d720bb9a389a9060028d80976ee

SHA1
7374caadb8b543e940e9b3e7b21c96db3f06b681

SHA256
da011c8b8a98cd8397c96fb52daae17688e49c25d646a31e318c132264a0ac85

SHA512
db7ce600e07600ff5d6f5ea4690419ef5a27a9fbba43ecb1204829a73dd70894dec164f1e267ac36f52d5d8a133138567f0f896522a566b6a4f3ad2284c1e405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dc6461139f138f469f5d48e1392609bf

SHA1
7046127a00936e48d641615f2d47dab7543d3f4c

SHA256
97e0575f0065579b995a68f0314e6e98ebca44fc99db67dd47a231fcdeef13c4

SHA512
56555cb8250369b1b618a7e265aa087ced3a07bdbf9b54fa63fa1f54704e77bb01e382e014662e37d1318e0ab73e1a04e700e0be9949f3d01bd5aff2cb6377e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5be7c14b5e30440a2febad1ba370dc81

SHA1
ef8342e5c48b8fe0feddec178d54c75fc2022b82

SHA256
af251e38f8dd2f56f2e233bfcb90e2e1b6d30245518aca539b037600b06cf699

SHA512
93e7128251b86e0acb5dcf44a624db956d8727829fc76d387b0724489b4a6fa8d86c7302675a63af74aa9335d065e08c640d664d037168782ab5b59258452e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
60c7b55678b2e335e79f0523d1868005

SHA1
e95c9e37263de89a83a544dad2c7e51dbc193408

SHA256
1df7b0d4dcacc226d6eaf84a46d1856a0a99994c413bef12dd05749e0aa6aad4

SHA512
4c9e2015ceffa88d3de787a05cbdaba9d3d36b4cd5dc9888b27561b21cea38ec8110c51e8beb4cc22aa033f048bc38d7abc100c2f2af129a8f18cdbc791bc045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
040b8736b5b76545dce7e11f038dbef9

SHA1
87059291fbaf46c992bbc152cef8d1bba4e535f5

SHA256
d65b17c9b7b4320d04800b9c8ffff05ca1ffdcc663e5249eb75f873b1002d8f8

SHA512
efdc376b0a23625956facbd5d522f1009fd1f3cbfd41afa47846d1d2b46cee2108a23589505fcc4f18b5d3239b60e332612b71b2fc0a763d94c79529c0ad6496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
429f31ce8cb154b5716b547257b9ba84

SHA1
f70e39448ce2a58b97abdf802dab4c95a289b510

SHA256
0c806b7c72501933be7f41e36e7591a9a129ba139f00eca3f680022350bce3b0

SHA512
d9ce367d2b33c3ca9ddad0fcc8098f0533b2d18f459700a11f7cd6f7df816a9a7e011d0b902c1fce365e3e7e5c9f9f00b10dc678b45aceeaedea6d486cd442eb

Download Submit