526ca813f00b0f0be9ccfc59d052dcd85e9cc27a250b699b84b14aed9398c5dd

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 16:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c92644ee51e64dad158b683b4442b7f3_JaffaCakes118.html
Size

71KB
MD5

c92644ee51e64dad158b683b4442b7f3
SHA1

d614ff08d21a0003223f418032116f71340914be
SHA256

526ca813f00b0f0be9ccfc59d052dcd85e9cc27a250b699b84b14aed9398c5dd
SHA512

45a5c01881dea854f71b0b37c4bc2e8898db7fd7cd198f36dc85612254fd11e75b19f81bafd7d343b56f552e4d3637a3f481820e47cc80cd1dde0857178d5040
SSDEEP

768:4gOriWNca+oVgGz6awO4eb0D/Zmkdj7rPEXwXutDxNXff29zJ:Pyt6lO47D0M7GDvXfo

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1172	msedge.exe
1172	msedge.exe
4912	msedge.exe
4912	msedge.exe
4616	identity_helper.exe
4616	identity_helper.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4912 wrote to memory of 2032	4912	msedge.exe	84
PID 4912 wrote to memory of 2032	4912	msedge.exe	84
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 4148	4912	msedge.exe	85
PID 4912 wrote to memory of 1172	4912	msedge.exe	86
PID 4912 wrote to memory of 1172	4912	msedge.exe	86
PID 4912 wrote to memory of 916	4912	msedge.exe	87
PID 4912 wrote to memory of 916	4912	msedge.exe	87
PID 4912 wrote to memory of 916	4912	msedge.exe	87
PID 4912 wrote to memory of 916	4912	msedge.exe	87
PID 4912 wrote to memory of 916	4912	msedge.exe	87
PID 4912 wrote to memory of 916	4912	msedge.exe	87
PID 4912 wrote to memory of 916	4912	msedge.exe	87
PID 4912 wrote to memory of 916	4912	msedge.exe	87
PID 4912 wrote to memory of 916	4912	msedge.exe	87
PID 4912 wrote to memory of 916	4912	msedge.exe	87
PID 4912 wrote to memory of 916	4912	msedge.exe	87
PID 4912 wrote to memory of 916	4912	msedge.exe	87
PID 4912 wrote to memory of 916	4912	msedge.exe	87
PID 4912 wrote to memory of 916	4912	msedge.exe	87
PID 4912 wrote to memory of 916	4912	msedge.exe	87
PID 4912 wrote to memory of 916	4912	msedge.exe	87
PID 4912 wrote to memory of 916	4912	msedge.exe	87
PID 4912 wrote to memory of 916	4912	msedge.exe	87
PID 4912 wrote to memory of 916	4912	msedge.exe	87
PID 4912 wrote to memory of 916	4912	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c92644ee51e64dad158b683b4442b7f3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9991f46f8,0x7ff9991f4708,0x7ff9991f4718
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,14284504060613614966,10383534386141249258,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,14284504060613614966,10383534386141249258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,14284504060613614966,10383534386141249258,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14284504060613614966,10383534386141249258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14284504060613614966,10383534386141249258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14284504060613614966,10383534386141249258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14284504060613614966,10383534386141249258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,14284504060613614966,10383534386141249258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,14284504060613614966,10383534386141249258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14284504060613614966,10383534386141249258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14284504060613614966,10383534386141249258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14284504060613614966,10383534386141249258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14284504060613614966,10383534386141249258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,14284504060613614966,10383534386141249258,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3096 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\36c47eac-eae5-4907-ad29-c11fc9ce742a.tmp

Filesize
6KB

MD5
9fd17cd249bd5e61b22ed2034d9afe00

SHA1
4073fac8794895083e57cc6d2282b0e21078477c

SHA256
0cf4a3cce899ebbb94e6a31f2fb24d08c32b8be4bcb14c4967d8218055ef66d2

SHA512
45a6b05be93b72c0ee84e99e5ee70f9dec06fd95a6bbf6281ccd7d664cafdebb40b188bbecb9b9a74ba48b68bb36786850491d5dfc208bc38ae4c0c234f60bb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
45KB

MD5
aa6a698d1c7fc6d35265b10af5570e9c

SHA1
00da372ad4964a5d5b8afff7fe1b207ff284f232

SHA256
02f6ae7bda59fb1a20d3386021fb972ced348bf724fea42157225d416f9f049a

SHA512
f5b2f732e899cc0fed577e1ef1c51c154ede5d206543e8ac7c1fabb182901f8e93e137b63f12cbb87b3f570a283a368bfb1b9d637cc5b1c4f1669ff5cfbf306b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
1f4558d879f911441361e06ab11a8710

SHA1
c46dd6083b5463a0fc3b1c0c4d824dc8205a0104

SHA256
3e99ff7eb98d640f21395e704d4e888c1aac8aeb39a62b95572fab03fd546dd1

SHA512
f134b702a11e00f0513426010f61d5896a7e45ad23ff264ea7e36d40a9813a10395270d87556b2b604f924fbb98c3b2bba409eed8121fbb01116d51acaa9bedd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d194848ebd7d0af3f142da3ebe0a64a1

SHA1
c8d3f45e1e05786cb73e7107f6ff215dc138d52b

SHA256
691634334277ba1f71a1a52b543eb4753e93880cf14be83ea67484ed4e0fc63f

SHA512
13c57137f22e3394334e79f12741f7690999a4dac2c0c73d4346ec9602e8636b378469028a62f38e779644b3900a224a8c08d5de9beda92d6409da51119e5551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9a6a37a3179d14f9746db1a32486b29a

SHA1
2a8182e1b64304b35245acb8137d2e0a1bd626ba

SHA256
d9d9fc36828d4bb5989ec84694deb7bb182ceb8789cebc5b534c5213d24a8ac7

SHA512
0872d84bd4d7417cd39b09e0d8a02fcdd4d85cd3871aaab47f1860c7f560f7e5171a18f7e8724bbe029be97f215fccbdb3e45ffb65c3010d93acfb3c16411d64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a03b61406ebb0b8cbe182363e7eeadc0

SHA1
80eb48a180a72f84ae68e149600bfe3ec9907c08

SHA256
7e30779b28d5c7c69a9a356e1deca506162ca896ff87204aa2819b06a1caca53

SHA512
025b7f98736dafdb36482cfcf6e578020abb5f89b9abff497af76569a5c3d1b1c66afbf04decb544a5ddcaa47866e242422d10d4babf977031380601103a613c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c652462aca5a8f1c8028c59f894ddc9a

SHA1
fd541d168f23dee9729d0473dbb227508e347293

SHA256
8df397fea4c5a5fd9ab0a7fd3e71d7b59555b620ed9fece5f0f75d0c135498fa

SHA512
0272eeb72fcefec000847b9b77fe64d36adff1945aad6a1461742de36abfa823a7a0efa8110d988343ee36585d7b9f73e0c19aeb779af73ddbbc769ba913154d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bf8895ec6d131984abdbed1d20d57713

SHA1
a3b5881356922c107974e5e56e61af822745f65b

SHA256
31d26fd601f18929b7e87e7ea246f194a3a65e705eee61b7d2e018c7d2df1500

SHA512
70a07e6e97fd7b85289c12f89d8091a054f484e5c5eb8f0e4c6bedcab45f44b011a837499b6319f8eeb0e98f15e9c54b539b398a605add70ce13c27e3390f592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
df4debd925d67572c335d4e727dc137c

SHA1
e5aa325a1023b08c9b292c1bfe313c70a95c80e8

SHA256
3118389d89da231c40a704a57764fc515b2fb020d869ee1b517a38b0a551311e

SHA512
a1133c5db67bb1a0625b16a5e270ba79d5a9e0c3c290e17ee946b2acf8b63cc98169f0131f043d064a736a84dc57e15fb1de63364c4ac7298d002a9b7865e017

Download Submit