4152d7f6b9f4adfe74f35810e48a11e552f8a29c11099284f70b7f2b633e364e

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/08/2024, 08:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8e094c40414f438b2d3c5a961d7f8426_JaffaCakes118.html
Size

12KB
MD5

8e094c40414f438b2d3c5a961d7f8426
SHA1

7694d0dec5a9832b8947394cbe49a6f78f123eb2
SHA256

4152d7f6b9f4adfe74f35810e48a11e552f8a29c11099284f70b7f2b633e364e
SHA512

4738d9d7b8adf0e04a3bec4937db6a64e7c3e1fbe686800487d5b13cc7b84886e9c64bd8a87c4c2d9c57fbf694d4a44890d601ffcd47bcc7fe2c5070b4c10551
SSDEEP

192:UhVqp+pBpVNoS96ebVicjWj7qS40lx6jK4kST/0JMJfJiJJ15Jn6ay3iGWvWVadL:Yu6RK3m0lLUyBL

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe
1584	msedge.exe
1584	msedge.exe
5108	identity_helper.exe
5108	identity_helper.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1584 wrote to memory of 1488	1584	msedge.exe	84
PID 1584 wrote to memory of 1488	1584	msedge.exe	84
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3568	1584	msedge.exe	85
PID 1584 wrote to memory of 3616	1584	msedge.exe	86
PID 1584 wrote to memory of 3616	1584	msedge.exe	86
PID 1584 wrote to memory of 4012	1584	msedge.exe	87
PID 1584 wrote to memory of 4012	1584	msedge.exe	87
PID 1584 wrote to memory of 4012	1584	msedge.exe	87
PID 1584 wrote to memory of 4012	1584	msedge.exe	87
PID 1584 wrote to memory of 4012	1584	msedge.exe	87
PID 1584 wrote to memory of 4012	1584	msedge.exe	87
PID 1584 wrote to memory of 4012	1584	msedge.exe	87
PID 1584 wrote to memory of 4012	1584	msedge.exe	87
PID 1584 wrote to memory of 4012	1584	msedge.exe	87
PID 1584 wrote to memory of 4012	1584	msedge.exe	87
PID 1584 wrote to memory of 4012	1584	msedge.exe	87
PID 1584 wrote to memory of 4012	1584	msedge.exe	87
PID 1584 wrote to memory of 4012	1584	msedge.exe	87
PID 1584 wrote to memory of 4012	1584	msedge.exe	87
PID 1584 wrote to memory of 4012	1584	msedge.exe	87
PID 1584 wrote to memory of 4012	1584	msedge.exe	87
PID 1584 wrote to memory of 4012	1584	msedge.exe	87
PID 1584 wrote to memory of 4012	1584	msedge.exe	87
PID 1584 wrote to memory of 4012	1584	msedge.exe	87
PID 1584 wrote to memory of 4012	1584	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8e094c40414f438b2d3c5a961d7f8426_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9f4046f8,0x7ffe9f404708,0x7ffe9f404718
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,15960534243172342177,2820513065146284015,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,15960534243172342177,2820513065146284015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,15960534243172342177,2820513065146284015,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15960534243172342177,2820513065146284015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15960534243172342177,2820513065146284015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15960534243172342177,2820513065146284015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15960534243172342177,2820513065146284015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,15960534243172342177,2820513065146284015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,15960534243172342177,2820513065146284015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15960534243172342177,2820513065146284015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15960534243172342177,2820513065146284015,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15960534243172342177,2820513065146284015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15960534243172342177,2820513065146284015,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,15960534243172342177,2820513065146284015,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\94fa016c-d6da-496c-ba15-c7727bf93bfc.tmp

Filesize
6KB

MD5
1c2a8103f08e17cbb36c741c1b25ec86

SHA1
bade0680aee45fd930bb7c5cbe7f948cabfdcbb2

SHA256
48c68fa91d815c275256a5756dca0fdb018c19525817c3be44c0a62fb3cfa74e

SHA512
d31233db841258336dbec21cd2902937d18daadc05a8c300f4e1d2fddf69dba531d49f8428692f74de4d786bd20595b527cc801e2930c35f4407197b7358b81f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
6f1523766decf1b9e36f893f17aa493d

SHA1
9613edea153971105746cedbe9b3455c7571a1e3

SHA256
75abc21d352070b289edf9092d285f2d5c0a611e251f9cc65e39c72c9fdb74b5

SHA512
b470033eb96bb7bd5640f3c7de8e351db6ab5dd9423b8bc6d354d44e0caec7b7defcfe062d318e2c1aefb7a89cb7f8703faf5d4b05dcebab5d17b06b906f439e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
60ff71c23e89a1fa4a5e3c02306b7fd6

SHA1
a07a86872c232e9c82cbd20148292337fd0447f3

SHA256
f34a98f2bba6326437f619d91fad6c06b8de561b7a1b85aef4033ce0bf7b4d40

SHA512
488f42d1434eb7438101bdd77f37c6b9ccc5f09f051d78d2ac3dcaf0f24013717db1d429d195265ffec60a7ff7f032cc7c7f79ff38c2500fc048eab689d62d10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
4e9cb8e88df9524da62a96b2e507fd4b

SHA1
d1f60abc7ab7dd92692f57455948ca6ee0425a02

SHA256
236c15650eb23ce0bd5997a8a715b1618a581c9aa162eb48cd2774a94ea5b5f7

SHA512
eb9f4e6acdf494ec49b0d738f4cf9341187856a33eb3873aec5fb1731dc7b9b35caaad45144cb12680c4e429e4d84ac4bc44da408256b2f587041e9cea05b8df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
409B

MD5
be1d25951d73d7428e033d42e15eb746

SHA1
558aaa0ed46ecd694a047b0f8499eeaa31ed6427

SHA256
48a2867f247a2398c8c07bde8a5a711ba70a9eb84d8da21c549a3ac4a75d59f4

SHA512
eb3ec13c20b898b7d75b1da0c3851e84cae138e9884133638f9df13b77fd9ef3fe0f03acdef9c472739d316245de5e0e0777bb6c744cfc6e791d68aac1843ea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
644B

MD5
8ed955bb3a24b46d136445652037b3b8

SHA1
a3e81fcea89d0cf5396999ed1e8c7689dfd38fb9

SHA256
62e468ca8116278c56ebcdfc03abe33b81690862d2066f1e73c3a3ab6102d95e

SHA512
96123f730a3688995955087d47648ae06403a35309123252d7b83616572f7b5861ea325416868ab310764d6bb080a32c3cb6e1382534b75cbcc70e5b9f9ab49d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
10486ce01e59133044eb5157ba0c6f31

SHA1
2bb3ca7bdd51ceb23f76ccd509180732d8435252

SHA256
89b09e672ecb170fd043ae6d4a87f6a5e78363dd0352e7c5b9db594ecd0a6042

SHA512
2ce3248d5ed9e381229a4009daa51b2475018ff6e4e38b7565a93fdf0170dc8bac78d94e1ffae5e9b39c406ef5be430ec7e188445708f42b060b03018619bd5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
017bdf26286fe13824348bca13dc7d42

SHA1
d035c57bab4219b55b8595bf56e11baf0f7a6a6f

SHA256
29b0df61b5cbe2fd59a6ef2c9ccf0b73e7c52b0a0a14f43e1b4c6d685d2b5d3b

SHA512
d5996b9a723917347988df4838655b0d89a3fe2bb7bb4140800ace08c2a2a844629e5d0bdecf5c5a3ce30976c12c32388a21e1da3fbbe3e9915cc650cf8e9179

Download Submit