2e2845afe2c0800606c5ba0b24c266fea8ba0710ecc4e0a36708c2ffac8ebb51

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 07:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5d4073822641c4740698a31cbb7bd04_JaffaCakes118.html
Size

59KB
MD5

d5d4073822641c4740698a31cbb7bd04
SHA1

49a5f9394b9869ee6fcee62d2e1e8afe0a12c3f6
SHA256

2e2845afe2c0800606c5ba0b24c266fea8ba0710ecc4e0a36708c2ffac8ebb51
SHA512

ed3b4aa407e45c5dd8621f331a622a2de5291d6edda89fef9dc6e3e0db35cdd664fc720e743b615597fd2ab35244b105ccc44ef480b1571fa217cebe6931a8ba
SSDEEP

1536:e82i/juqQhtmQcJKOvygDhIna5i0bIFe6WErUJ2EwewvIVL4V3RIHR2:e82iK9cJKruhIna5i0Zwvd3RIHR2

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
11	sites.google.com
15	sites.google.com
16	sites.google.com
17	sites.google.com
18	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1292	msedge.exe
1292	msedge.exe
1844	msedge.exe
1844	msedge.exe
4888	identity_helper.exe
4888	identity_helper.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1844 wrote to memory of 3612	1844	msedge.exe	83
PID 1844 wrote to memory of 3612	1844	msedge.exe	83
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 2408	1844	msedge.exe	84
PID 1844 wrote to memory of 1292	1844	msedge.exe	85
PID 1844 wrote to memory of 1292	1844	msedge.exe	85
PID 1844 wrote to memory of 2980	1844	msedge.exe	86
PID 1844 wrote to memory of 2980	1844	msedge.exe	86
PID 1844 wrote to memory of 2980	1844	msedge.exe	86
PID 1844 wrote to memory of 2980	1844	msedge.exe	86
PID 1844 wrote to memory of 2980	1844	msedge.exe	86
PID 1844 wrote to memory of 2980	1844	msedge.exe	86
PID 1844 wrote to memory of 2980	1844	msedge.exe	86
PID 1844 wrote to memory of 2980	1844	msedge.exe	86
PID 1844 wrote to memory of 2980	1844	msedge.exe	86
PID 1844 wrote to memory of 2980	1844	msedge.exe	86
PID 1844 wrote to memory of 2980	1844	msedge.exe	86
PID 1844 wrote to memory of 2980	1844	msedge.exe	86
PID 1844 wrote to memory of 2980	1844	msedge.exe	86
PID 1844 wrote to memory of 2980	1844	msedge.exe	86
PID 1844 wrote to memory of 2980	1844	msedge.exe	86
PID 1844 wrote to memory of 2980	1844	msedge.exe	86
PID 1844 wrote to memory of 2980	1844	msedge.exe	86
PID 1844 wrote to memory of 2980	1844	msedge.exe	86
PID 1844 wrote to memory of 2980	1844	msedge.exe	86
PID 1844 wrote to memory of 2980	1844	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d5d4073822641c4740698a31cbb7bd04_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa527746f8,0x7ffa52774708,0x7ffa52774718
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,152958846572546372,14562337098346301730,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,152958846572546372,14562337098346301730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,152958846572546372,14562337098346301730,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,152958846572546372,14562337098346301730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,152958846572546372,14562337098346301730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,152958846572546372,14562337098346301730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,152958846572546372,14562337098346301730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,152958846572546372,14562337098346301730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,152958846572546372,14562337098346301730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,152958846572546372,14562337098346301730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,152958846572546372,14562337098346301730,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,152958846572546372,14562337098346301730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,152958846572546372,14562337098346301730,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,152958846572546372,14562337098346301730,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4700 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
96142ba45f7203a8c4d877b2d70588b6

SHA1
e1d1ac761b3c41ba0a3409d7bec68ca22ae1fac7

SHA256
dac3fb834fb077720a5a79f49add75e37c15bd07ac063b5516061ffc611c334b

SHA512
fe09d408370c5ddfa3264f870118fd2edb2e4184871a8029bb62a438be6da78a8e1f72d176149ce6a4963e9981136dc878aedb1e0c660833482a9850680a4beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b367ffa3cd6896506992c5bb8b91addf

SHA1
93c9bded12fd3a814e4a87d1ab6b102818a9996e

SHA256
a2e0b202caf41d3a5fbde3824043e423cc9ce0ec9653a9d1a2d23b04c1467b96

SHA512
44e2745fad967ce9b7a2be00b75d6617d441ebe2763d81a8c038d57906b1c94d6d57c930141331c39e032a284b59014646dd9054be213fd973e75a2269466a8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
45KB

MD5
aa6a698d1c7fc6d35265b10af5570e9c

SHA1
00da372ad4964a5d5b8afff7fe1b207ff284f232

SHA256
02f6ae7bda59fb1a20d3386021fb972ced348bf724fea42157225d416f9f049a

SHA512
f5b2f732e899cc0fed577e1ef1c51c154ede5d206543e8ac7c1fabb182901f8e93e137b63f12cbb87b3f570a283a368bfb1b9d637cc5b1c4f1669ff5cfbf306b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
04022eb334d73ba5f498cff046b35d63

SHA1
7dc99d9fa21955ce9484a3d269c260148b035f74

SHA256
d8c1da76d1c7fbd3ad182bbdc8f684644271d521216d011b7eb20b405dc9485d

SHA512
4ccf59823e758466a38b0a7a7260324608ebfbd0ebc7b5c5c572225b2099659bf893fb433b83d5600315869f2f482132a38ee05625fc64a72d772b7544699696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c20e82996e55288339889fa121e2a821

SHA1
4d513e0e5c0355d09cba068c16e8d8fa51e91a8e

SHA256
36e323908277b4afe29d85b122b06643500b71e4fc948ba6755fa8ace4bf7078

SHA512
5298851ba4803f9888558102ef233bd036c4a5a8bed2cf9a4eced0860689ca88c444c4931c722e31544906f9acb82d0677697b0186cbf52cd043cdd3b3aadbc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b12dde4cf4f42ddb79e917f4087d7889

SHA1
d97a5fea049aaa53d928ad4872c8e134b56cd09f

SHA256
4028743535d64a56009fca88a7d744e9a79120382e0cc0d7bcc6b934c33eaef1

SHA512
703b7866fcd767d434dd5b8d9e95b3b09fa45419fab1ffb6eb5e67a674a7afd8082ae7f80b138928153b84b799839934de8c0dc9cda13a86583157c65e704265

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ebf11d8c2f342f00593885a1ade0d244

SHA1
134085797dbda14fcc8e546686cd3ccdff11fa8f

SHA256
ec88002a7f51c67179ea11211d5022798ef40e1f69b0bc0e9d262381486c423c

SHA512
769828d318c2daaf776277c2bf139d837405f4c96e302ce43b3eb98ddb388440690f17721c3d39ddd95fea3ed3cfefe159c16e6b6c881c0d8120569aa4a1a48a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d0dd98ef0a07902068ac0028ec1b9dc8

SHA1
ce2c34398963ca859d65a749e92b8cc85fae4354

SHA256
98fb31581b8983d8b275b435dc29121298f60f050a33061c229f1666c6983780

SHA512
41ad70117bdd91b1b24673e700b52a231564c0ec0f7f51a5aba73dd3b83402cc33f5b8f1944d200ae205375bf1a8687bdda75e74234b8d127d9994f05a9481ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
110760841dd9cf7f1a41721b77ce277d

SHA1
44e3bbc31a08457f007b1486eab34ba5979d37a8

SHA256
b4a4995595c0ca9b284d077f2e36d4d2af2868dab2956bca1f865a71d43b4067

SHA512
b5f562bb21acfe9398baadb57c4acfe64693f7f8d1b1472de75dac5425c935a17ac78c5f5d1530e172e99bf0ef3b8a5935318c2a0160175e0663d0218ddb6cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4f75c2accd396a43e5fd6411c5af78af

SHA1
e2440e95cc3e69eaf101e726bdd78f6faf8cad6e

SHA256
f2e976b4a44bf322323a784212bd44bdfac86042977c19a8bc111d7d2bc42ef9

SHA512
33594edfe2416190d089dc41e8bedf17014e9f5ad2c946e384dfb987cd83c5d57c257dd91e8f81523e15ac3d78998f14b690e3603aedbb94ecb7fe4fdc8b1570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
852d886f30a60b001ee9e16d15da655c

SHA1
713ae02473e2af931fb4455db3be07a00c734e97

SHA256
0c05a4e24bafde15c1c9cfa778ac25eb5552c22b1a589b7b473eebc752a6ca68

SHA512
09625a70076a264b7138dc14f2fe81b0e8ad6cc0ecb3cc4f5d5bd73eb58fab1e2528c5e3a3a40837740895a5a694b94b2fa174a8595960ef122823a4132d4f73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3cde0ac2e92f1beadc6a16947a84a04b

SHA1
c3930eaaf881152664c82c17b10b03cea2e327d1

SHA256
500a5806bc648dceeb13c0f55a617e3fbea3cd846845cf520370de8057577786

SHA512
011cd87f1f712fdade44b6fc47dcf3d8be89a1f1b6078fd082cee5e0ccd2a9fa84dae810537440ee6897c38185d15525606e0bbd08d9b88d29f88fc7639ba0e1

Download Submit