ad183f0d8022534b09def8dc6bb480e844ca8337aa73698903bc111034a73ed2

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 23:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c9a494d25cd1fcfe2c32d08b2e122de_JaffaCakes118.html
Size

73KB
MD5

3c9a494d25cd1fcfe2c32d08b2e122de
SHA1

0f6d630ea6798e8f91de7c922d20e41bc7cb3ae3
SHA256

ad183f0d8022534b09def8dc6bb480e844ca8337aa73698903bc111034a73ed2
SHA512

d117ce3d44efc94d7da9a439ba3e40c8d24333549c01812029091bb9fb2deca0b9c6ec6df684dcee3d7d7b26b4b4c85e1f4874804d47a03286f6982a895ed9ee
SSDEEP

1536:sBYyDjBUUNmLX88JiNBfLRBxmOGantoya1vP7:UYyOJDantoy4vP7

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4624	msedge.exe
4624	msedge.exe
2500	msedge.exe
2500	msedge.exe
1932	identity_helper.exe
1932	identity_helper.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 1532	2500	msedge.exe	83
PID 2500 wrote to memory of 1532	2500	msedge.exe	83
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 1088	2500	msedge.exe	84
PID 2500 wrote to memory of 4624	2500	msedge.exe	85
PID 2500 wrote to memory of 4624	2500	msedge.exe	85
PID 2500 wrote to memory of 3972	2500	msedge.exe	86
PID 2500 wrote to memory of 3972	2500	msedge.exe	86
PID 2500 wrote to memory of 3972	2500	msedge.exe	86
PID 2500 wrote to memory of 3972	2500	msedge.exe	86
PID 2500 wrote to memory of 3972	2500	msedge.exe	86
PID 2500 wrote to memory of 3972	2500	msedge.exe	86
PID 2500 wrote to memory of 3972	2500	msedge.exe	86
PID 2500 wrote to memory of 3972	2500	msedge.exe	86
PID 2500 wrote to memory of 3972	2500	msedge.exe	86
PID 2500 wrote to memory of 3972	2500	msedge.exe	86
PID 2500 wrote to memory of 3972	2500	msedge.exe	86
PID 2500 wrote to memory of 3972	2500	msedge.exe	86
PID 2500 wrote to memory of 3972	2500	msedge.exe	86
PID 2500 wrote to memory of 3972	2500	msedge.exe	86
PID 2500 wrote to memory of 3972	2500	msedge.exe	86
PID 2500 wrote to memory of 3972	2500	msedge.exe	86
PID 2500 wrote to memory of 3972	2500	msedge.exe	86
PID 2500 wrote to memory of 3972	2500	msedge.exe	86
PID 2500 wrote to memory of 3972	2500	msedge.exe	86
PID 2500 wrote to memory of 3972	2500	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3c9a494d25cd1fcfe2c32d08b2e122de_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff8b7e846f8,0x7ff8b7e84708,0x7ff8b7e84718
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
9a18ebbd1a5259eeaf99bedd8cffcb4d

SHA1
dc24d5d2e0a63b943f8d1052a21ea89c308eb160

SHA256
80a3e25101739fef60e4ce128f1d81bdeb9d7ef3cda06f3f6de483adb2e4450a

SHA512
5ab1915f6462035c0fcdef54846ff9abf2d7ec527447738861fdad2616b82b2b17a307027af1c7217f4c0f4f00a06ccc862179ff435b024bf2189448314fa490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
114a3b107904401f8a0358c0f51a15a0

SHA1
96f8a12d9bb07c853a57fb13709292321dd7c642

SHA256
b1421b0871329040acc8b81d39b369be426ad0cb664daca2a194dd2eb5666338

SHA512
2e7e1ba0a7f1782eb2846ef9dbe74a604c477ec2126923eec99d1d685f7d965738279d4d736a8eda8017610811e925387b1c413ea648cfec528d5018eb4758c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
17d921778580233e9d4c58d2eebbfbee

SHA1
616bda05dfed0e2df07d447d20c1913be17f23d9

SHA256
a297f0c52a3e514e6dc45793d930a77dcb8de1d9df4b0fe9e7d9bdf623ca1f03

SHA512
edc09ad319e45ac88bc3c35850d67b4e0d8aaf0de1f3043b0ff75b5a7f0ae50d9df81887b490925cac83edcc8e35d9f874de2d33b4263865367b0b4f33cddfc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
90db16e98bd45fb9b8a3cfa30405b09f

SHA1
e6b3e39ea50c8ca53a4a107d9fba3902dbaf0bc6

SHA256
45bfa818cb700c9ef5f31c7fec7e508daf8f700e5fd9eb821b773d08ecbdbd08

SHA512
43e3e04b9fda816531e0440417d01c6e8a66704783597224c399aaad8f86e03130744f549adbd9bc8fea2ac9d083b33b5e9ce95a1b1803b6ee89360addd430f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c1b898ec5fcad8e8213f9c2d2fe90a02

SHA1
79b705582b884da262129d9f0ee4369b5d291547

SHA256
cdab1c8c6c98af547d91e65ef42bff4fa851ae0d493d14dc57c5aa0b2339aa58

SHA512
0deaa4b99b26325dccebafa9d2c51f674bd488f5b877b9da6d82f13b59dd968fc895e91b57480b6afa95d12f379198d7bb75295ad868c578b1c1920ea5179ffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ccc1086d7ceb069733b98f74f16542b2

SHA1
9c3063b2aeb210d88bd49d0af78aa36eccae694f

SHA256
b7196d9014fa215172701b2fb43d5f4a58aa5f6a32fd992a554bdf56261fd64e

SHA512
e4cbdca225547cf0f59c3b1272744ef364ea7113c80f1f774838bf53f4cd154f2bcdc6bc11ae52239237cdcb6c216f7e3c5601dc39a152efc2da76bd4ad60be6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6c723760f935a20790387d3f3362fb18

SHA1
70b13279600642e9baa2ef8efd4e31fa37df5082

SHA256
f6522af2ba57ddc071935eaf0348e131797c88012ba544174543836e45d32fe4

SHA512
18b483d0bcd9c0cd6bc0f69a34a5054f5aa09174928f8d651067dbf12464d2d9d551a186433f20593648306b984f0c75ae6ecd2d2e760eaf16fbfb89b3061e60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9379047e43b3b4628847bf4dd8441ef3

SHA1
e8e437ca53d38fc7dfc6438cca493f7931ee7a8b

SHA256
73fda18fada419f753bee7b4b60fe3d0b030273df3863bc42e8601d858b6dd6a

SHA512
2109cefa693ce4fdc25293b9b0160cb7d0e7617fa26b6bb4c38219cbf272be1a4a11d6b837e1b8493f3b66cfdd9a0c1b1cff51f9595fe9ea36d2a2d312e1f372

Download Submit