06bba4b82d73c3fa4041a98dd1b6d79e61f1ef14e2b7080cc44e2ade04943d1e

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 07:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ead91577613123de7c858dddf6387655_JaffaCakes118.html
Size

58KB
MD5

ead91577613123de7c858dddf6387655
SHA1

655ef302d6d1b32a1c577e80101f27d118583fb6
SHA256

06bba4b82d73c3fa4041a98dd1b6d79e61f1ef14e2b7080cc44e2ade04943d1e
SHA512

ae1fbcf1082c54b2a41215bc887528dd7b9a9036b420f6ab3cbbbad29193bf7e19684d3e2326475ec5d73bd384b4245cb59e16e4fc16abc8cbd0485a3e084101
SSDEEP

1536:XFSk4hMZtwmHtDWHv7obgovgqOFGOKN1TCIJKMt98:XFkhMZtwmHtDWHTcDvg5FNKN1tJKMt98

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2936	msedge.exe
2936	msedge.exe
4452	msedge.exe
4452	msedge.exe
4384	identity_helper.exe
4384	identity_helper.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4452 wrote to memory of 900	4452	msedge.exe	82
PID 4452 wrote to memory of 900	4452	msedge.exe	82
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2168	4452	msedge.exe	83
PID 4452 wrote to memory of 2936	4452	msedge.exe	84
PID 4452 wrote to memory of 2936	4452	msedge.exe	84
PID 4452 wrote to memory of 4544	4452	msedge.exe	85
PID 4452 wrote to memory of 4544	4452	msedge.exe	85
PID 4452 wrote to memory of 4544	4452	msedge.exe	85
PID 4452 wrote to memory of 4544	4452	msedge.exe	85
PID 4452 wrote to memory of 4544	4452	msedge.exe	85
PID 4452 wrote to memory of 4544	4452	msedge.exe	85
PID 4452 wrote to memory of 4544	4452	msedge.exe	85
PID 4452 wrote to memory of 4544	4452	msedge.exe	85
PID 4452 wrote to memory of 4544	4452	msedge.exe	85
PID 4452 wrote to memory of 4544	4452	msedge.exe	85
PID 4452 wrote to memory of 4544	4452	msedge.exe	85
PID 4452 wrote to memory of 4544	4452	msedge.exe	85
PID 4452 wrote to memory of 4544	4452	msedge.exe	85
PID 4452 wrote to memory of 4544	4452	msedge.exe	85
PID 4452 wrote to memory of 4544	4452	msedge.exe	85
PID 4452 wrote to memory of 4544	4452	msedge.exe	85
PID 4452 wrote to memory of 4544	4452	msedge.exe	85
PID 4452 wrote to memory of 4544	4452	msedge.exe	85
PID 4452 wrote to memory of 4544	4452	msedge.exe	85
PID 4452 wrote to memory of 4544	4452	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ead91577613123de7c858dddf6387655_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd62ac46f8,0x7ffd62ac4708,0x7ffd62ac4718
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1355564856029040347,12221778429188748176,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,1355564856029040347,12221778429188748176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2556 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,1355564856029040347,12221778429188748176,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1355564856029040347,12221778429188748176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1355564856029040347,12221778429188748176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1355564856029040347,12221778429188748176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1355564856029040347,12221778429188748176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1355564856029040347,12221778429188748176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1355564856029040347,12221778429188748176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,1355564856029040347,12221778429188748176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6348 /prefetch:8
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,1355564856029040347,12221778429188748176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1355564856029040347,12221778429188748176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1355564856029040347,12221778429188748176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1355564856029040347,12221778429188748176,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
45KB

MD5
ede70f717200a59b4cb831635de913a1

SHA1
d4d6e893ac192b5df087e924ab3356852f8a7bc0

SHA256
c63fbcc69de230e4844cf735ccf668eeaf30e42126eeb464da39c2de6b0b0051

SHA512
b621bde28b90ba97c122677989d994cb5e88fd0906366af1a23ad3f9d9f3b7f2bbef95873f29100433d4068fbbf7ab798505e68deefc118097fc5f76dfc4b672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
aebd7789303bdf15e33f4e0537e8e617

SHA1
0b598b118cbee8e42079c9e22fc61d5495f5a2ca

SHA256
804f1b31d7311f0f4c4400e48cfe750d12928cb3699807e954d4ca8afacfcaf1

SHA512
5b9dffa48bbdef1b6a4c90fa8827662a47fe4931ec4b72ea4c8a085114c30d2e3b1e2ff695a9b0f694e5af247cacc589fad44bd544d5bde87e6cdeb03ec5f3b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6327a7e9e78f44a1ceac29d0454472a2

SHA1
99368d7a6e5b3b4cb0322f98e92aa1f6726d9032

SHA256
7b419a9d24ec6cd61f4da6dfe011956387b9bde54ee4535777c407e43d2abc23

SHA512
7d7bdcd0ee75c6285d9a21111e75e5b5a1cd1ccd1525278e3584d30cc8c082030c034f63d522b9a9daf4925ddf9f91c185a09fb131dffbda6de90f131786735e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
695ded0767187d092832106aaf46cc04

SHA1
676f0cffb3360ae6a9359482f77d37e025210814

SHA256
e925552a12df16b21341849eb17a38bdc6ac26a06195c6fbea418a6bd98dac92

SHA512
0c5396c23784273cb137f7029503facae2bcbef447010aa7df54f4d892ebe56a5af35f87b797d73d7d3d9e645d0b904f132baf3cecf3831e5726fd7ed53bba00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
436818c3c0cbf4f40e6b2e7202822768

SHA1
d95510e37fc82c6210c10d247a25324ae6d6e2fc

SHA256
68752887d0a7bec3bcf1c1f6593ad3ef6ee3de30589efd2f15764f7bcb5d803f

SHA512
1641fb02336d6b472dc18cc1094b5d0d285d1e6899c2265d8170d18c1179609fb95e98fdfc1b1a108c9df697916e8a4f0868e17a5def802d88e146b968982e3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bf3f93a4e9384a2f00edfb52219bc76c

SHA1
32b3d50624f1f9f531021398e059b412524add30

SHA256
771308263aa34da7cbd875d4bbd9da1b492c94238bc42757e225e9143913fd18

SHA512
fa24bfaaa5c4415fcdc9ad472437f24da5f0c9bb043925daf3eb95ebb6e2bbb4e5281186d66df18cf58d8d7193f17cd148e7c7b62912e3433ec530207f1a2d7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f10e20c2926add5da5cb0be258407f64

SHA1
e7bc46e76c39bc27dfee5cf2e87459bca2b95dca

SHA256
56cc094fc3186c705b08df578fe8cd4322e15d3bffb1e2b76ba5d0e20001d736

SHA512
7c8a03edac21b44625a515122454a8a77c089620f458c3ff8c460e95b67a059f3e3e8665efb85a7725610060000dfc9470274d68d69a40e240529da942e77611

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
196fd9a8e13abc98d66172314c6214ce

SHA1
9ac1f6e8b52cfca185c86f657140974d94e1e7df

SHA256
5b4c526c08030eaafc67d3b3a294493c4133911cb99204a8be964599d4687676

SHA512
1bcbfc16f1cd58481118247c66c13075a8316a9c4e446f206e554720d139777c79e0929fefd997a1ec3414ba970e51adc46dc77c4c6d4884183eb39b41ca4d8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ed492c579f763e001898da787f0ef886

SHA1
a1c86ec836e362d7e457817e3c1860bd1d90b753

SHA256
d5745ed12ffc152788da37a620d9412abb4cf67c8110b64c4263fc634e787619

SHA512
8ddfdde72b0a0cf5f35c253ad757a417885ca764f596e656d6cdc8db483700fd42ee0cd518e6a68d334c90416831bb99df03125038adb6b15e456da5d6652c87

Download Submit