b65d41bdacbcc798deefae4d66ef17e67b2f6918ea03f0584ff435e0220a8e87

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 00:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ce38d8d38b22fe548a3a5d5a75d01189_JaffaCakes118.html
Size

53KB
MD5

ce38d8d38b22fe548a3a5d5a75d01189
SHA1

2734c755fbf3f599a3126cd15f8e340f90a5ddf3
SHA256

b65d41bdacbcc798deefae4d66ef17e67b2f6918ea03f0584ff435e0220a8e87
SHA512

c84971a9cdc36c76e9c5ef9a6ffa2dd1b0324e1b4e04eda79960f282da1ade3db34e7aed01e6feb05ab1963fc483077946c4bbaf42378bdeaee0c4a910365dd9
SSDEEP

1536:SnfmXFY4KpB3vchMifnt8n/0nk9nLWnL9nJ6ns9nc6ns9nP6ns9npAnv6ns9nBA2:SnfAY4KpB3v2cI/iYQQlnBKI

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1548	msedge.exe
1548	msedge.exe
4916	msedge.exe
4916	msedge.exe
2864	identity_helper.exe
2864	identity_helper.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4916 wrote to memory of 2208	4916	msedge.exe	83
PID 4916 wrote to memory of 2208	4916	msedge.exe	83
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 876	4916	msedge.exe	84
PID 4916 wrote to memory of 1548	4916	msedge.exe	85
PID 4916 wrote to memory of 1548	4916	msedge.exe	85
PID 4916 wrote to memory of 2944	4916	msedge.exe	86
PID 4916 wrote to memory of 2944	4916	msedge.exe	86
PID 4916 wrote to memory of 2944	4916	msedge.exe	86
PID 4916 wrote to memory of 2944	4916	msedge.exe	86
PID 4916 wrote to memory of 2944	4916	msedge.exe	86
PID 4916 wrote to memory of 2944	4916	msedge.exe	86
PID 4916 wrote to memory of 2944	4916	msedge.exe	86
PID 4916 wrote to memory of 2944	4916	msedge.exe	86
PID 4916 wrote to memory of 2944	4916	msedge.exe	86
PID 4916 wrote to memory of 2944	4916	msedge.exe	86
PID 4916 wrote to memory of 2944	4916	msedge.exe	86
PID 4916 wrote to memory of 2944	4916	msedge.exe	86
PID 4916 wrote to memory of 2944	4916	msedge.exe	86
PID 4916 wrote to memory of 2944	4916	msedge.exe	86
PID 4916 wrote to memory of 2944	4916	msedge.exe	86
PID 4916 wrote to memory of 2944	4916	msedge.exe	86
PID 4916 wrote to memory of 2944	4916	msedge.exe	86
PID 4916 wrote to memory of 2944	4916	msedge.exe	86
PID 4916 wrote to memory of 2944	4916	msedge.exe	86
PID 4916 wrote to memory of 2944	4916	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ce38d8d38b22fe548a3a5d5a75d01189_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf51a46f8,0x7ffbf51a4708,0x7ffbf51a4718
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16668697699817961419,5570105253249120498,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,16668697699817961419,5570105253249120498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,16668697699817961419,5570105253249120498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16668697699817961419,5570105253249120498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16668697699817961419,5570105253249120498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16668697699817961419,5570105253249120498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16668697699817961419,5570105253249120498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16668697699817961419,5570105253249120498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16668697699817961419,5570105253249120498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7160 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16668697699817961419,5570105253249120498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16668697699817961419,5570105253249120498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16668697699817961419,5570105253249120498,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16668697699817961419,5570105253249120498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16668697699817961419,5570105253249120498,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16668697699817961419,5570105253249120498,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
23KB

MD5
a0423f1305547bb6b8f5a4fb1a9fc2d8

SHA1
092dcf1fe57e6bb53821eb754e04188ee70602d5

SHA256
6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8

SHA512
b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
00cb0fbd193f9e2036c60a4e3c67cb6a

SHA1
82fc2825b83b13f9b2a765a9411fea22d79b6fca

SHA256
f1fc0abb3ead0ac325cdb31c8bd7f6b71d353315b66b7d575510e676e38b5a4d

SHA512
481eae50d73f16adb90f09103e03fc0cfbc1bc5a70e6e7c1c6e61e6cfbb627cce8438c778847e0eedb66f2f6e94e59f1e0368e2e38d2775a9cba5b8bd1846453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
9479988175d52b43c8a7df0819176744

SHA1
60d352fa0bfb7539fd57ebee067958a665a9b9c9

SHA256
bc7602101c8eb96b365003c6a714925c624f9a8d5fa7cb420138c428fe27c6bf

SHA512
2c748252130a31d399f6e3c53361b6e9b462451d49b694af9994ee09fed329dfa3c904b2789400ad305e586d88c6778a15a95b899597beca13759d819c798fef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
77065a8bce8ab3698b7186ac9b13c02c

SHA1
edc494078b13ce96a25b862db7decf2302aa090f

SHA256
fd4e919bbc1111eadb71cadb7f071cb36b0dbeddc2ef37716b89231576f7e068

SHA512
a291d48034c8d9109324f98c38a6a01e071ac11262b94f12c9983607a51da65def88b681a5061dd005f166f3f6a7c0d6b2ee4aba8396ac1e7d6f06187a86bec4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1f4f7cf71d2d2961b7c2b4e5400a3a20

SHA1
1c297f6699c1f7056f8a274871d79319a9683537

SHA256
4e53c20474414a6e8e3e2c475980518c478293b28689c6e791f65903f9107044

SHA512
11a47b77831db0b25cb8aeb4ddd6651c90160dc7c31489aa8136fb32baa2885dc35f9777648ffa78af8936e6b9cbe6fe7b6cb6c34b7b5870db58467cdf6e5b08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fe04021f1d48a13fbdf651d348065033

SHA1
435f6fd3be4b8f5b4853413a5d5ddee9e392693b

SHA256
a6221fda8e23a47a0521578dfc75c2abdc683657a9d3df5115b523fdaabe8504

SHA512
52cc73d0cd627e2dc930fe8070b583b27ca688b6054c528471c41c580446cee790f02254fafec7bb22f8ece4633279fc7cb55d6e72dcafe0bba932647acac568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c22a5ee480f9a55e8fead22e8a777547

SHA1
6feaa887ce052721f49328158f0f18185ee9c5df

SHA256
fb8ac1040a65445621465243326f99ea364d2da86dcc796be2e15ca53229c32e

SHA512
a6630218072f4b1e674eb47f45aadcd6b5023bf6965e00b20badf9d680e074c15919cdd38dd4020574481a5269ffa552bf8ac9a3a7a7e226e50d54498c44d864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d5f96e176a22e5dffda90089b2fee1e0

SHA1
b1cc6b6c37a720307f3b65ff280e1bac2572f192

SHA256
2568ffa3f56d1c74f489c7f9981fd8a3291c143dbc0723267ee7a01334814abc

SHA512
635da07163504366393e747cbe17a5c81dcd061300635f6185df31b4768d9c498e5962d628def18de809f24b4fcc2a32d90f3bc513b68b011ba7405eaae7c71e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b21f97146f3c50836b076cdc753268b1

SHA1
1e1ae11e38616869936800e292060b0af57b6c34

SHA256
3dfbfaf9fd67a0e0e1ff5d723c8606b541cf02d132ee521755cb88b966b4e50d

SHA512
3ad375df51cfd6f103eaee037f0512a67848b5355fc5ed4b7fd3e3f40001e14c4483a32f041c14fc54fcd377c58e603f5fb8a309dd3b7a1c4e8638a6df32c0a1

Download Submit