501a2bf5c05fcca818cf407db50da165ffe082eab515b5a8b4d627f7020d7d4a

Analysis

max time kernel
149s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 05:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c84d48c6bd2f1221f955f225b6c71fba_JaffaCakes118.html
Size

37KB
MD5

c84d48c6bd2f1221f955f225b6c71fba
SHA1

abc4a617b3060846cc79e4571da659db582c0913
SHA256

501a2bf5c05fcca818cf407db50da165ffe082eab515b5a8b4d627f7020d7d4a
SHA512

8d27b9d0aa0690edd4538675f45bf3b43217ae8cc9010cd9aa9ab5ab0e56ea3722134ae233097a8fc1b5b634382e6309023ab32731810722f3caf2ec1ff9fb73
SSDEEP

768:afZ1PZ1L5pHCcSKgMb+WDNpTa+x/L3lglVgG0OcvnXiOfK9El:afZ1PZ1L5pHCcSKJb+WDNpTa+xTdGrcd

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2428	msedge.exe
2428	msedge.exe
1920	msedge.exe
1920	msedge.exe
1304	identity_helper.exe
1304	identity_helper.exe
5712	msedge.exe
5712	msedge.exe
5712	msedge.exe
5712	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 4792	1920	msedge.exe	84
PID 1920 wrote to memory of 4792	1920	msedge.exe	84
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 3256	1920	msedge.exe	85
PID 1920 wrote to memory of 2428	1920	msedge.exe	86
PID 1920 wrote to memory of 2428	1920	msedge.exe	86
PID 1920 wrote to memory of 4500	1920	msedge.exe	87
PID 1920 wrote to memory of 4500	1920	msedge.exe	87
PID 1920 wrote to memory of 4500	1920	msedge.exe	87
PID 1920 wrote to memory of 4500	1920	msedge.exe	87
PID 1920 wrote to memory of 4500	1920	msedge.exe	87
PID 1920 wrote to memory of 4500	1920	msedge.exe	87
PID 1920 wrote to memory of 4500	1920	msedge.exe	87
PID 1920 wrote to memory of 4500	1920	msedge.exe	87
PID 1920 wrote to memory of 4500	1920	msedge.exe	87
PID 1920 wrote to memory of 4500	1920	msedge.exe	87
PID 1920 wrote to memory of 4500	1920	msedge.exe	87
PID 1920 wrote to memory of 4500	1920	msedge.exe	87
PID 1920 wrote to memory of 4500	1920	msedge.exe	87
PID 1920 wrote to memory of 4500	1920	msedge.exe	87
PID 1920 wrote to memory of 4500	1920	msedge.exe	87
PID 1920 wrote to memory of 4500	1920	msedge.exe	87
PID 1920 wrote to memory of 4500	1920	msedge.exe	87
PID 1920 wrote to memory of 4500	1920	msedge.exe	87
PID 1920 wrote to memory of 4500	1920	msedge.exe	87
PID 1920 wrote to memory of 4500	1920	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c84d48c6bd2f1221f955f225b6c71fba_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed34f46f8,0x7ffed34f4708,0x7ffed34f4718
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12070346520659147546,10786850561199035073,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,12070346520659147546,10786850561199035073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,12070346520659147546,10786850561199035073,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12070346520659147546,10786850561199035073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12070346520659147546,10786850561199035073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12070346520659147546,10786850561199035073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12070346520659147546,10786850561199035073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,12070346520659147546,10786850561199035073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,12070346520659147546,10786850561199035073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12070346520659147546,10786850561199035073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12070346520659147546,10786850561199035073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12070346520659147546,10786850561199035073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12070346520659147546,10786850561199035073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12070346520659147546,10786850561199035073,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
18KB

MD5
d73ff387a5203b0fc2c355d37ce1555d

SHA1
62ff4a7f39da922280fbf7d8852b4f1148e486cc

SHA256
a9e19222845440dd3c83cf5bf35b5455c9a4baac13b77fb4ceb4d2189823e05a

SHA512
c91c91ec0efd9b7696bb67670e3b360e0ffe48c091db042ec390523e0822a08032d00725eb9cc890e67cfc9ada1d45a8dfba53b793eabd333d645b065ce24a10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
17KB

MD5
4d2a20b10219a310111db6afa2c82b85

SHA1
781b76d6b3624f29ee80b523298736c463052805

SHA256
9937fe5d13bf869e266e3fa02246e9bc85facdccb659f1343d425363039dd9d2

SHA512
54143688f7ecc036cc0d9537f78c90a90a7b8d4224fb8515800145d65611f8f6b46e5d22024cc60f16c25e892a51978c57e4d93e3e68045ebcf8928f327b1463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
23KB

MD5
d0007015af7e55b5874b6f7711e9ab67

SHA1
fd514e45401ab3c27d2fded42f34024260086150

SHA256
95c98d45b7481d60c8078e04973ca86a67833927fac958ed6d8c28593454aef3

SHA512
375ea404a1c847f5b5e10803277d6a54fcf22ffdde3f41a06efbf4732858d749488b7ac67ffd9461a3d0b7bfd8f18ad465946cd4123c54383a410db6e699a6df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
97KB

MD5
2db9a8490ed25841bd12a52d6ba12a7a

SHA1
019d983fb522ee335de7b9ae9f4779be50d5ba57

SHA256
5562cf3586175465af6c90988968017153075acab1638ee8b7f4f8162ac0ef07

SHA512
1dc395ab0669306c6269ea8ec0af3b6141e2f94d0b1471cad2d14d1e4497442926a54da335e785de82302595477c6633f8e60ff2d988c6b6ab866841615551e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
efbfd8c144604c186b939823e264f43d

SHA1
93960b5b3ceaee91b7d2068f5d7c88a97de787cb

SHA256
ba9d6192108f1b6b7e3d2456d648d5d98253e98eceffc4e6823f441088d2ce3f

SHA512
d17c469a9d9ee56854c0314cbd956528ccbfe8c3a0ee02a3244e6f0f7c49158561bed33c0354349305c78ab9234a01fb8a5a3bac892fc7c882d938e86983dc2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
888B

MD5
c8ad3b2f5ade8827cc455d8158cb93ef

SHA1
002dc7e5989e99421c157d5d6de826be12948c7b

SHA256
9244d186859b2d8971da75aae2a74585ffe72d423950d7eb8affcc79929ada69

SHA512
19f50305825410de1d557eb9cbf3d82b67bbd3da81a10a80c6bb46942f5a1e963bbd7c5fef79909df9da6e2d16307c326cd4790ef1ba6273e08df0b038ec5df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
095cd1eebc39e729907349390b766461

SHA1
0e6ed31590b78ee1b1649b965b71b43fc20bd449

SHA256
8d09097df8d637a58c12ecafed937441b1db093bc32b064fddab3fd840372dfd

SHA512
3867ca4548e77383aaad75f3605dd62dbcbb06120547db36dbe17863740a103b960a2d2ba51642be05c96c58c7e5b3a051b275ab44249ddb3d3f7978d65f4bfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7f3fe0ee7d79f0d8df70a8da3e0a9472

SHA1
baa1d9ef1bfe42aa7325bcb7d9865456bee8a17c

SHA256
6f43ebc4b6f5ce9bab4061d44d1f76aef2d1b4da209a4d89dd3410672658ccc2

SHA512
b83d2d3796879588a5c6f5ae563246e784b17acf81b7c338bd3ffec4d0d7c64af289616785b8d8cb299a7658a7d2285dfcd315057109dc4053f4cd070db1eb8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
896661e069836d1d93af1c8f32cec5a3

SHA1
249f62a8cd8049fe8b0c4c6436ccfdcd08eae13d

SHA256
408c6216213ce78b3ab50f89c5208f8c595d9f62d6d392678964daf42085991c

SHA512
8e1bf6b71d2ba8caf738f583f2866fddf97e549ec34d8bc5f801c124a96d2d220e718c31e5e1d7bfccc304b73e0d95c20fa5618b896adc38e505348c46c91b1b

Download Submit