cb1b12144f52956b5b3729bd323caacc99369f386ea91ef630e81924f75a5a1e

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 16:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8eb169050702673c334a260831f23ae4_JaffaCakes118.html
Size

44KB
MD5

8eb169050702673c334a260831f23ae4
SHA1

65fe877ea0e952ca3e0c59d84b3bcc9e6b3d4227
SHA256

cb1b12144f52956b5b3729bd323caacc99369f386ea91ef630e81924f75a5a1e
SHA512

b13439db78c5767392dc55baabdd50aef4fe9bc094425e715e4102962d69e87291fd29c3a413562b6c023e8176c4c1f6b2a8dedbf0d89fdbef5740ef84feae3c
SSDEEP

768:yuDcGaErmMORojmWBqlpqWpSyLGUHXEBkJomCn8n0b2WmFapubx688ESw97YApq7:yR+ORPpVpSyLGUHXEBkJo72W0aMbx680

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4760	msedge.exe
4760	msedge.exe
4480	msedge.exe
4480	msedge.exe
2212	identity_helper.exe
2212	identity_helper.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1348	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1348	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4480 wrote to memory of 4724	4480	msedge.exe	82
PID 4480 wrote to memory of 4724	4480	msedge.exe	82
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 392	4480	msedge.exe	83
PID 4480 wrote to memory of 4760	4480	msedge.exe	84
PID 4480 wrote to memory of 4760	4480	msedge.exe	84
PID 4480 wrote to memory of 3324	4480	msedge.exe	85
PID 4480 wrote to memory of 3324	4480	msedge.exe	85
PID 4480 wrote to memory of 3324	4480	msedge.exe	85
PID 4480 wrote to memory of 3324	4480	msedge.exe	85
PID 4480 wrote to memory of 3324	4480	msedge.exe	85
PID 4480 wrote to memory of 3324	4480	msedge.exe	85
PID 4480 wrote to memory of 3324	4480	msedge.exe	85
PID 4480 wrote to memory of 3324	4480	msedge.exe	85
PID 4480 wrote to memory of 3324	4480	msedge.exe	85
PID 4480 wrote to memory of 3324	4480	msedge.exe	85
PID 4480 wrote to memory of 3324	4480	msedge.exe	85
PID 4480 wrote to memory of 3324	4480	msedge.exe	85
PID 4480 wrote to memory of 3324	4480	msedge.exe	85
PID 4480 wrote to memory of 3324	4480	msedge.exe	85
PID 4480 wrote to memory of 3324	4480	msedge.exe	85
PID 4480 wrote to memory of 3324	4480	msedge.exe	85
PID 4480 wrote to memory of 3324	4480	msedge.exe	85
PID 4480 wrote to memory of 3324	4480	msedge.exe	85
PID 4480 wrote to memory of 3324	4480	msedge.exe	85
PID 4480 wrote to memory of 3324	4480	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8eb169050702673c334a260831f23ae4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffafda846f8,0x7ffafda84708,0x7ffafda84718
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,15368317452783348680,12469246613917142708,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,15368317452783348680,12469246613917142708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,15368317452783348680,12469246613917142708,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15368317452783348680,12469246613917142708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15368317452783348680,12469246613917142708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15368317452783348680,12469246613917142708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15368317452783348680,12469246613917142708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15368317452783348680,12469246613917142708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,15368317452783348680,12469246613917142708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,15368317452783348680,12469246613917142708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,15368317452783348680,12469246613917142708,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15368317452783348680,12469246613917142708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15368317452783348680,12469246613917142708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15368317452783348680,12469246613917142708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15368317452783348680,12469246613917142708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,15368317452783348680,12469246613917142708,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:444

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x4b4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
1024KB

MD5
aa34ebb3a8885d2d05fead6351fc3879

SHA1
1910b2146e4281a3346c4ac5f028a44ad87c3297

SHA256
45c4e26de727f9bdf7856af192add716e1a52637ec723ac3f3ee963317a189c9

SHA512
0a3db1fbf43d5f65a123976b68d4767ede92c0914cf98c1ce91e907fec0ff1e07f70bdd733e8f0e4d73829938f0cce7215ce54fd65fec25fca7de8354745f8ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
cfa66597abf67c06e5afa1efd208d1f7

SHA1
50da20aa6b1096a7c48e98c06389c7737e22d380

SHA256
ddda202e5c21da119390992cd6b64875fab8fdecae4a8a04dea9251a25897a3a

SHA512
f28857ea685c856030958e7fde63c94a716c6f202fc8deae657c392bc62b6db6afe05646dee14fb6b2de94de0ff7a2f7fdfe15f771078dd86b3227821228b171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
78f56970ed527417764532eb22e39f8e

SHA1
4b2e560fac787713aefab7b48245b452a36e6f25

SHA256
110cb60cf49b711157deacfc8be7fc1fa52b6352a58678f0526ff84ec787ace1

SHA512
a2e565d5c7e35814422a1213e2ad9d7bc996d5837d13b80539ddcb78cb125acf4d9eb76bc2c1da5e36c98a7c1b41a60c3a8bf68c3e24277670ae0e5880dd6b25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c26623cd941ac8c20bf90a449a8ce5ed

SHA1
788272b8b8499ad99c438cea248e62aa6742da21

SHA256
e187308cafa1920475dc140c90c7604a5f9bb5d7ab4bd72e62d05bef8dc3f078

SHA512
61d043abeb19d1f632d5cea4cbddff74c246fd5f7a8a015cec5953a0f224eb2ca2b98d37454e62e9b6bb42d63db998b45315d604c678f06b7e86d2ff910958af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6ef348739e72a0715725d9186fec178a

SHA1
23c10e945fbbeff5e24b4bfcd09ce7ba1bb5c7b4

SHA256
8f6faa4e7d188165ca1d0b417dda51734d7a3aaa7221cd95b114b2aa72fccb95

SHA512
bdf37edae65bbb1d3791528d61998578e2afb0c95772d58ef4e12b18823752cacf0b3877dc4d1b991628f00be42cdfd1942c26cc8985f5fbf170a422f28dd643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4c740cfdf8f2e604c5145295ff7c9431

SHA1
e762b1d9b26272fe4fdbc4357a7da88ec560a543

SHA256
2c1c2e8464d3dda22a28347f83c973aeb78d502e2918d4337152382267a9141d

SHA512
99ae8beac543b611d409f704c73eedee9e8ac29fdb6adf65c9181ea9c9d0a46aae622016425ae2d63b612c3ffd0cf041ad51fb581caef3a3cc5776e175b03e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
07b6427dd6fe5818289aea2d31a674a0

SHA1
87a4aaa86d5a75c06e542e387e4648ec87ab91e7

SHA256
5e8ba75fcc177b55aebd8273ce96cfaa4d7d159db268cd47cb28d9eade755f64

SHA512
7f04f83a409e779544c30092771a023ca3d69d5064a7b8d9f163f2d28bd80d4ed614f06e5d51922a6d487b484746b9cd216ac1624833dcca7167c2aa4d039ef5

Download Submit