c52a46922aaf3e58b81b24512be09894aa6a9fc2fce2f561c2e103a232a1fa20

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 12:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d645be115c3f4d55390c25e1a882a915_JaffaCakes118.html
Size

159KB
MD5

d645be115c3f4d55390c25e1a882a915
SHA1

85c41c90cbd05a0278e13eabfe2d1fdc9ca79a74
SHA256

c52a46922aaf3e58b81b24512be09894aa6a9fc2fce2f561c2e103a232a1fa20
SHA512

53007d6088d715b7b397b04d8e76b1354423881122f2dbb92dc90c8d51416854637966398920cd15653b94175d714e564127d0aaa75acd9d48399d7bd27d786e
SSDEEP

3072:3HRcVhIVs2LQe2U0Dzvj40MZEPjLpUxAfYxslxNcl8CLcXmNRSxrfeOG9pr1a9a9:Bc7J/jXmNRT1RkR8h

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1392	msedge.exe
1392	msedge.exe
4872	msedge.exe
4872	msedge.exe
4280	identity_helper.exe
4280	identity_helper.exe
6104	msedge.exe
6104	msedge.exe
6104	msedge.exe
6104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 4172	4872	msedge.exe	85
PID 4872 wrote to memory of 4172	4872	msedge.exe	85
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 1392	4872	msedge.exe	87
PID 4872 wrote to memory of 1392	4872	msedge.exe	87
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d645be115c3f4d55390c25e1a882a915_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f70346f8,0x7ff9f7034708,0x7ff9f7034718
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5700 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
23KB

MD5
33a83c16527e4531fbfca2631f653674

SHA1
87a63514c262ba4bffc52d2ceebb3ca14353507a

SHA256
1156bb50a264543f6a9dc8922dd2c65d444c8bb11b3b18be95d5adff840b33b4

SHA512
f1dba28d0f81aa0894436ae7b4ba76a2e635f002f666d17d31b8b21500dc2321d7862ca8dcfd22e44aab4d1f33112c076dc95191c889546a40f9c6197cccbda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
45KB

MD5
aa6a698d1c7fc6d35265b10af5570e9c

SHA1
00da372ad4964a5d5b8afff7fe1b207ff284f232

SHA256
02f6ae7bda59fb1a20d3386021fb972ced348bf724fea42157225d416f9f049a

SHA512
f5b2f732e899cc0fed577e1ef1c51c154ede5d206543e8ac7c1fabb182901f8e93e137b63f12cbb87b3f570a283a368bfb1b9d637cc5b1c4f1669ff5cfbf306b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
18c4a6e2d586af484a0c0bbd5fdabd2a

SHA1
b55c956c1d31e943f71df4fc355fde69782066a0

SHA256
f6a293ff3f2234a9277c8f68dccdb1aae95de2d3124d7ad5acd59e65cbe0899c

SHA512
bf96cfc9332a72783294163f6b00e1dfb014eb5daf344f967c005b2ca1fef0b82207808676545ed7cde75d77c9878c4c6ce81c99ed537dd61dbaca71cb45607c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1c36bbe069099d72bbad12a21fbbd3d9

SHA1
b6c27533fd16e9f414bc75b1d9c480fe82f1879b

SHA256
4327db11266c2a3e3ca97fc173554e601d7ac635543f765b8a853657cebbb794

SHA512
2b6c73faa584f7d77c7fcbe1096b6b741c584fb76d3d23782def935cbd540b91abdfbbd8d20fc6cc1e6f49c134ceba5e16ad0f75837b7b58d1e82f4ac8e23e27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cefe94a9b285d7293915859b053588d0

SHA1
3f0ea4b505954989323e46c295623c190a7c2a02

SHA256
7a65151af141a7beafa933e6f5be1312bf00f8c26d994fa3f2e6455a9d618833

SHA512
9031b2e07254fb25643f8e64f8aeb7d8a909af583ed5285c3e8388b4b11ac92dc9409fe374e1a04e585001efede13c4dcee24de78e0b6eb4837ff212151dfc54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
42e09e3b691d6d0404ec1d3daab05631

SHA1
bd8f120c86f828d924fbd8029f6c21b379fcf095

SHA256
0045e5a9d6e05ab95d26df4fbcb314f939cd718d9b05b84d5d5855230fb9df72

SHA512
c48517bdc05074592efc581651c8ff80848888bfa4c74533e357d155886ed360402a959f17747736b2e4c5ccdb1dbda3ad01b41ef027ad92c4a0f5cbb3c52522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6490958a8f73ab566048d1c7bc6291fd

SHA1
83c251dcb382feb47b1349013a3450848f8e407f

SHA256
2d55af8f5bb52d7a39d03a7e4cd21db8826660be8d392b86ff41adb2d4538d09

SHA512
37603670b8ae27a509988a9f9bccad43ace1df8355bf6633ec23c11b394dd4c45f1ba764f609aa93596a1f543a5cfe599ab6022c4b8f5910057aeba3233ed9ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c296db35e57a0715a2d91e150a4add1e

SHA1
069ddab1771bdf04f363581a9cfadc9341e379d9

SHA256
41e1db4468c50ce927bc9652810242e560ed47a77429341c5b88ccbd2ba671e3

SHA512
2fd13e44a052e3bd729956ed651e23193cb0f2520b6a7733a455147081af4e24560cd678d76ced040f5d3afbd5dbe0b161c7ca871cf7614d2e2ff6cff2b25009

Download Submit