f80ba3adf3b613b62a54a0ec8a8a2cb603d8d7ac4f79fabd542feb650993f5fa

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 09:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e83cc29814897d8d7d5e71566e0efc6_JaffaCakes118.html
Size

175KB
MD5

2e83cc29814897d8d7d5e71566e0efc6
SHA1

3d0e9d004d5d81f3bb568a8f4f744a1a8ff376ea
SHA256

f80ba3adf3b613b62a54a0ec8a8a2cb603d8d7ac4f79fabd542feb650993f5fa
SHA512

09ffa3ac5e1c694f3219ca1c45924e0e06d2cd41be22430417b04a45e4346dc4fd90708a7a8ca98a8114f7f51a4fd217c00791c28e9ce1c9759f2213b0b894f5
SSDEEP

1536:Sqt58gd8Wu8pI8Cd8hd8dQgbH//WoS3IGNkF6YfBCJiZC+aeTH+WK/Lf1/hpnVSV:SHCT3I/F7BCJitB

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
1192	msedge.exe
1192	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2296	identity_helper.exe
2296	identity_helper.exe
5820	msedge.exe
5820	msedge.exe
5820	msedge.exe
5820	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 4044	2932	msedge.exe	82
PID 2932 wrote to memory of 4044	2932	msedge.exe	82
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 4700	2932	msedge.exe	83
PID 2932 wrote to memory of 1192	2932	msedge.exe	84
PID 2932 wrote to memory of 1192	2932	msedge.exe	84
PID 2932 wrote to memory of 3472	2932	msedge.exe	85
PID 2932 wrote to memory of 3472	2932	msedge.exe	85
PID 2932 wrote to memory of 3472	2932	msedge.exe	85
PID 2932 wrote to memory of 3472	2932	msedge.exe	85
PID 2932 wrote to memory of 3472	2932	msedge.exe	85
PID 2932 wrote to memory of 3472	2932	msedge.exe	85
PID 2932 wrote to memory of 3472	2932	msedge.exe	85
PID 2932 wrote to memory of 3472	2932	msedge.exe	85
PID 2932 wrote to memory of 3472	2932	msedge.exe	85
PID 2932 wrote to memory of 3472	2932	msedge.exe	85
PID 2932 wrote to memory of 3472	2932	msedge.exe	85
PID 2932 wrote to memory of 3472	2932	msedge.exe	85
PID 2932 wrote to memory of 3472	2932	msedge.exe	85
PID 2932 wrote to memory of 3472	2932	msedge.exe	85
PID 2932 wrote to memory of 3472	2932	msedge.exe	85
PID 2932 wrote to memory of 3472	2932	msedge.exe	85
PID 2932 wrote to memory of 3472	2932	msedge.exe	85
PID 2932 wrote to memory of 3472	2932	msedge.exe	85
PID 2932 wrote to memory of 3472	2932	msedge.exe	85
PID 2932 wrote to memory of 3472	2932	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2e83cc29814897d8d7d5e71566e0efc6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8537f46f8,0x7ff8537f4708,0x7ff8537f4718
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,903424767902924216,1229552244754456900,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,903424767902924216,1229552244754456900,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,903424767902924216,1229552244754456900,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,903424767902924216,1229552244754456900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,903424767902924216,1229552244754456900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,903424767902924216,1229552244754456900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,903424767902924216,1229552244754456900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,903424767902924216,1229552244754456900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,903424767902924216,1229552244754456900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,903424767902924216,1229552244754456900,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,903424767902924216,1229552244754456900,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,903424767902924216,1229552244754456900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,903424767902924216,1229552244754456900,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,903424767902924216,1229552244754456900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,903424767902924216,1229552244754456900,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,903424767902924216,1229552244754456900,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3000 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
6decc496abbe6e8d72c03df04d915d01

SHA1
80479fb00c17a26a6114471eca7a43ae7d92b8b1

SHA256
fc64a0f245a9f5247801d5fbab6e5e76ee933440fd6c9cedef7f4d5835fc3a38

SHA512
881bf1dec6be7034c945473c8eb71388871e29ea09f5adaaed0204e657485b1cf8ac096ba2efb4863272a2e71ea0d085484c6ea8e5cb76d2aa14d67cf2c5413c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
72B

MD5
1ad6e5bb73419908316030f9933ab0e8

SHA1
1b0dee38c2d256517bb0106b518e16373ecbedbb

SHA256
a857fae78b24ae6ded39e0540e72588da0abb46a702bc43e2600ef3cd4a80f2c

SHA512
c44eaef3397ec9427c41a1a652ad4b4a058d2f32af0437f439f65cace71901f7969058c630d49edac363d68a4e04d979de8e14083660daf33d2079be5c17f573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f987e7e0dc339d236dafb8547c9c62f6

SHA1
40f1cc0a60ce2fc0e9da20d3e1ef3d24a2dbe13d

SHA256
e482cfa1294e03b0d62739885d1be88ddec1579173dfc2267725d43bf68e268f

SHA512
e978d39c68ccf9250d59c0b46e78a5b1f9365a88bca96f0a30f6be6f358c5d90296b2e78c8cf841e480f64177682bf7f4b3487e1519bac6de8927f55112f1bd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7d31ccf47c0f7f1e7f1755962d3f9523

SHA1
27b31f2d6f416bfc7cef1ac721bc3700f95ddaf7

SHA256
8e7568b1ef9e5b0f1b1f970ce306e06329eb306627b9329b694c90c5c86f148f

SHA512
2d2dc20f0b859797cc58438037d038d472e3b6839404afed4ce7b7f1cbafc0187dcbadaad51bf58aa8d61f76d3d402df9b9bf18d6e411bf60ede630a6d3f5d18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cf052081cfcd6fad070b8736c78651f4

SHA1
ef2c2c64f3c5c7086944f207242b6b8ae6b20856

SHA256
9a906be0e6361f263b9be0873126099e8e0d4614862b7fc675ca5a6a17f0afb0

SHA512
c4a6319ae77b2bf6003c9311679cce39406194a87827bd67270fa9b05aad011b025da980086530db47aff8ff2c34dded4a64f5ba34210d52db9bc3d9ee85f07d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3bc9887163f84a182c1b189ddbe8f46d

SHA1
e089cef44748650c5143b27b42e27edc7aa48a04

SHA256
ae08b37c2051f40a5d0404b1fe49ec3cec02cf10dbc748ad42fe7f03ed9c9061

SHA512
fd000da52efbfcd18b284458e662f13c5c19093488f7b2ec4002e73fec7cdfc0f8de07dbc09946d558e46e928ca20bb1edf685e9abb23dcc3858775d5ef126ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
39effebd3ed4c8aa1d7dc6ea1d4bfab0

SHA1
1d719a1c60ade0fa433faa235216b6cc49d996b6

SHA256
34d2d92c4eb034b8a274922c7f1d7c34ccd402c0aaa68046f8a455e06a96a868

SHA512
41d8dd549416f6b086f3b9a296616e82289b6e8a81156b8302be4b4dc3990bfd62dd71852409baa3ad7d9a764708e4cc862865dbe405cf31c7d889f444d8c6e9

Download Submit