17b88b54b0282b0db271c49fe9df9f91af4a7b525c0854bbbfb00eca0181ba79

Analysis

max time kernel
148s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 00:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bfca959956217a60cf7bce5f6d59fd97_JaffaCakes118.html
Size

57KB
MD5

bfca959956217a60cf7bce5f6d59fd97
SHA1

5aa327ec704de2cb354ac62f1d733f1ae05b23f6
SHA256

17b88b54b0282b0db271c49fe9df9f91af4a7b525c0854bbbfb00eca0181ba79
SHA512

1d1353b08857d721e65e003a2b897af7e6af564f70fac7dc097837768dc4c9f6b58afcb1e143f17526bef62e495a492acb4de3aa18712433312dd91c151e3e0d
SSDEEP

1536:8dDIa3ey6Mor70AUC0AUBqcJFJE0Foh/4TdqQEk1eXDGBaDBe:ta3eyXFAUnAUBq8bE/ydqQleXDGBaDBe

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
4680	msedge.exe
4680	msedge.exe
4924	identity_helper.exe
4924	identity_helper.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4680 wrote to memory of 3004	4680	msedge.exe	84
PID 4680 wrote to memory of 3004	4680	msedge.exe	84
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 5016	4680	msedge.exe	85
PID 4680 wrote to memory of 2536	4680	msedge.exe	86
PID 4680 wrote to memory of 2536	4680	msedge.exe	86
PID 4680 wrote to memory of 3864	4680	msedge.exe	87
PID 4680 wrote to memory of 3864	4680	msedge.exe	87
PID 4680 wrote to memory of 3864	4680	msedge.exe	87
PID 4680 wrote to memory of 3864	4680	msedge.exe	87
PID 4680 wrote to memory of 3864	4680	msedge.exe	87
PID 4680 wrote to memory of 3864	4680	msedge.exe	87
PID 4680 wrote to memory of 3864	4680	msedge.exe	87
PID 4680 wrote to memory of 3864	4680	msedge.exe	87
PID 4680 wrote to memory of 3864	4680	msedge.exe	87
PID 4680 wrote to memory of 3864	4680	msedge.exe	87
PID 4680 wrote to memory of 3864	4680	msedge.exe	87
PID 4680 wrote to memory of 3864	4680	msedge.exe	87
PID 4680 wrote to memory of 3864	4680	msedge.exe	87
PID 4680 wrote to memory of 3864	4680	msedge.exe	87
PID 4680 wrote to memory of 3864	4680	msedge.exe	87
PID 4680 wrote to memory of 3864	4680	msedge.exe	87
PID 4680 wrote to memory of 3864	4680	msedge.exe	87
PID 4680 wrote to memory of 3864	4680	msedge.exe	87
PID 4680 wrote to memory of 3864	4680	msedge.exe	87
PID 4680 wrote to memory of 3864	4680	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bfca959956217a60cf7bce5f6d59fd97_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9c0a46f8,0x7ffd9c0a4708,0x7ffd9c0a4718
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,5232445047652943317,12620613379541847062,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,5232445047652943317,12620613379541847062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,5232445047652943317,12620613379541847062,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5232445047652943317,12620613379541847062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5232445047652943317,12620613379541847062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5232445047652943317,12620613379541847062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5232445047652943317,12620613379541847062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,5232445047652943317,12620613379541847062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,5232445047652943317,12620613379541847062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5232445047652943317,12620613379541847062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5232445047652943317,12620613379541847062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5232445047652943317,12620613379541847062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5232445047652943317,12620613379541847062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,5232445047652943317,12620613379541847062,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4712 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
8f241333fd6164fca9a0dbacd3c36956

SHA1
d07c2aace171f82940b9308a0c4cff53c5156362

SHA256
e284c7ffc7009310e15d48c35315b8da78d9519c60b589f81ee3b0d990cbdd76

SHA512
f255ffd442a59c7a28e4864bea553e821fe89264bceb1caabfdcf6a2d838042cbce9c7e7bf0f9f367b0e261b622c2fd4e7af8f8e9cb7bbac138a0e8d848c1096

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
f66827feea12cba9fb41f3415d288b20

SHA1
397ca6ed9cb057dcceed824ab345002bd1b52ff7

SHA256
fd2de66cea4876941c9e05ed59eae6c6f3376a5945ac902c90261a60a02ebd02

SHA512
f3193de7870de2fe9549e13a21fbe4f7d5302c486241be758b6172361a1bcf68888d735e02cf7ad79d20fc4bdc7eded86ee832cc5ec5ec90252443fd7cfcd59c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
da9e27c37b267f8f89aca8131f0de4af

SHA1
878b7cc5e599adaa30fd43c8f09026e33a61479d

SHA256
9b2ce0e895d4035cfb2848a95cac54c46954131f88215d35faee582ce19d7d84

SHA512
7f320e19cbbaa3d1a5c5f7424c375c1c60f536626b367360c274c6bd7edbb2c48977572af346f05bb7b88d08f8e770cb72939f285310f66c1f0676796b6b3705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
18ab2e11cbb93467ae537cd25e4d1067

SHA1
1b7578828c0c5177405db956892d5df2c533a8f6

SHA256
7e478d70eab9ff51726b756e59a7bd532b89f8d93784c20328724e37ee5d4afa

SHA512
f461542ee7711c07378fcb44b6556259d23359aa4d8463708b815fdc9bfd014c72daa08b1df1702828834d21f7b3cddd096deb6ba18840ebcf2dab3894133f48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e1f6bc8c02d905666381354290d3e02a

SHA1
7095062ec5cf08341a206fbaf7d2c2debee713a8

SHA256
5610b5a9fd652672d1525b5ffd495a1ea55c8bbfa5997365e45462e5a8fa7858

SHA512
b19546063f01dcfefa8daf247f2aa00a286bf652745ef46fd095e9d052085947e28da7a1172e6176843f7387e4e1a3ae06354e4eebf2fa12872320f992a9cb65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6ba639cae40c36b9b5721f813413e5ee

SHA1
bf68dac273ef8791f93298ab103e8f5e730e8b38

SHA256
a7d574dfb91b69604f27958f439917509753d8101aad25ebadc39e01c3cfd06a

SHA512
7681277a7d984088359bc349c1ebf235cae8cd92901b7ac4a03be0319010f79c6b29132c964eb461153dad714a520a3ffcae3ec40741c562725f2868d6f2adf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c55f216a4e15a86e0fe5ce4d48ff0eac

SHA1
5dbc0df6251d6a5fc19a4f72ed0a6a2448a7d41f

SHA256
ee3ae2c6942280f224c7b2c5f11be2115992a94eb853ea179102ef0b0eb4cdfc

SHA512
d5bbe92df6a1db6bc3dd9005ddd556887f593139efc802191f63a3006fa98e0547e844a25850da56e05e7e6b0907a51b0da081ef758752470adb85f02d44faf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7f33cd21238c6eb3cb02e561b5ecc7e4

SHA1
3986dee3d40694d2d1a6f9a6045b131ec4531ca2

SHA256
c929ba73540c14e2b927b5386cbc985930f733c1ae3f6f446e40ac0de007cde8

SHA512
4a02e764126a8f611196a593296eb6a783125c7750df03a2bfa5f6a24a153df953ec7120c078f8875a8e4aa8ae017bb6c3ba193f75f9ef074573a601da85ed4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0a84ac3b5376de8fe38302d234be99bb

SHA1
a559e9acffd8ef11349cd18407f52bd8c396b41c

SHA256
b3195f0eb8bc16ad7d1644d58c4dbff4d07981e026e79ee30d9c73e1a4ac7865

SHA512
83ec0edc91113b374bd24fde249be416d2d51f29ef4b354e3ca083db9e523303a9268c26fe251e23ad421a555e70f610ddc575137d62436e6f165ced13f13b62

Download Submit