65df01da72ce6729ea0da574380849a043c981a42ba296226be5bdb0daca5616

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 10:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

da31ae7063bc2f16f3ce12213b203468_JaffaCakes118.html
Size

35KB
MD5

da31ae7063bc2f16f3ce12213b203468
SHA1

6f6cf3df1f7b2a5e4ae234338c7c834362751c26
SHA256

65df01da72ce6729ea0da574380849a043c981a42ba296226be5bdb0daca5616
SHA512

c9bca660ac7a2fb9ebb2107313a2666b1fa837550c4c8b6431418353e193aab042a4075059e6e74470c4464891ba8d530e10a864a950cbf70c8dc5efdefe6b03
SSDEEP

768:y55a2PAULKu67fkT07X10NME8ZAh9fjhIhSaY62ec/meCI:yDa2PAULKu67fkT07X10NQZ13I

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2636	msedge.exe
2636	msedge.exe
884	msedge.exe
884	msedge.exe
2308	identity_helper.exe
2308	identity_helper.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 884 wrote to memory of 1332	884	msedge.exe	83
PID 884 wrote to memory of 1332	884	msedge.exe	83
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2080	884	msedge.exe	84
PID 884 wrote to memory of 2636	884	msedge.exe	85
PID 884 wrote to memory of 2636	884	msedge.exe	85
PID 884 wrote to memory of 4964	884	msedge.exe	86
PID 884 wrote to memory of 4964	884	msedge.exe	86
PID 884 wrote to memory of 4964	884	msedge.exe	86
PID 884 wrote to memory of 4964	884	msedge.exe	86
PID 884 wrote to memory of 4964	884	msedge.exe	86
PID 884 wrote to memory of 4964	884	msedge.exe	86
PID 884 wrote to memory of 4964	884	msedge.exe	86
PID 884 wrote to memory of 4964	884	msedge.exe	86
PID 884 wrote to memory of 4964	884	msedge.exe	86
PID 884 wrote to memory of 4964	884	msedge.exe	86
PID 884 wrote to memory of 4964	884	msedge.exe	86
PID 884 wrote to memory of 4964	884	msedge.exe	86
PID 884 wrote to memory of 4964	884	msedge.exe	86
PID 884 wrote to memory of 4964	884	msedge.exe	86
PID 884 wrote to memory of 4964	884	msedge.exe	86
PID 884 wrote to memory of 4964	884	msedge.exe	86
PID 884 wrote to memory of 4964	884	msedge.exe	86
PID 884 wrote to memory of 4964	884	msedge.exe	86
PID 884 wrote to memory of 4964	884	msedge.exe	86
PID 884 wrote to memory of 4964	884	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\da31ae7063bc2f16f3ce12213b203468_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff631046f8,0x7fff63104708,0x7fff63104718
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,18331885841175289120,18348468940355499984,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,18331885841175289120,18348468940355499984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,18331885841175289120,18348468940355499984,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18331885841175289120,18348468940355499984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18331885841175289120,18348468940355499984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18331885841175289120,18348468940355499984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18331885841175289120,18348468940355499984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18331885841175289120,18348468940355499984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18331885841175289120,18348468940355499984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18331885841175289120,18348468940355499984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,18331885841175289120,18348468940355499984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6708 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,18331885841175289120,18348468940355499984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18331885841175289120,18348468940355499984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18331885841175289120,18348468940355499984,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18331885841175289120,18348468940355499984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18331885841175289120,18348468940355499984,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,18331885841175289120,18348468940355499984,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4772 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
9d73570a0fa05f0706fb76f4d3370953

SHA1
3af385c5b245c094ba7a0ef1325c46365bbad55c

SHA256
63284efc7664b6534352dba341f25d3749bd88d3c34ac830af99f49ad01ace9e

SHA512
6a0d6de79e5543fcac03627bd428179700b6d7ee671c911fdabcfb90f67376ebb5642165dea669f0e734dd1d1fd80a846e6f7cd1d1a6216499efb6063e206dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
5492e29a45419bb501c0625d39777a14

SHA1
7c6878aa46c09c6168d8075e5faad9578e1eeb9f

SHA256
d725fbc5f0a5c39a5e6d7913dd0e218533c91fb6568d005fc95defbd2fe4ac9d

SHA512
faf1a9f52d8cf60d3b656ed852c7af66df4d0e62430b64b2cda8997a5819d9524feff95aa75a687b744db37f4a444354a917dbb629a051ca65f39f88297562ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cdd95edf190706361aa11cd80b17ce99

SHA1
a7ebaadc5f9d6590b68528f6708f9e2cbcb5a7f7

SHA256
b029b9c82ca3300efc05fc526b75b85c1d1266de4f7fe20defc2478cf341d188

SHA512
6b12b5e3a8e955079f5d34dab7902ca8ac0125e395d54a1064686f789938bdbf2c5f19af4ced52ed54aadd5e3b5290f1b1c46bd093fc17a2adf085cc1666d9f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6edeaec7b1e9e0baa81a2e446ee425bf

SHA1
58a009fa6b6b9d3030ac7df11677dbb9b3f6238b

SHA256
6a364d9bde7c3ff4820eee6136b3c916b72f2cd3aed0e00473ace9020b45599c

SHA512
9b7a4e201ed629dceec0101f7042abd3105552df75b70e21658cbb84196eb9e8e7b7e1112b74327bd6cdf59075fb23cd8b17bc295d280df8c6b0052622e8e4ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4a2f1b690ba4d0f27395c6ed6348fc38

SHA1
27f95c0af12c8ea3669b1518c700c88f36b0e964

SHA256
83805b346a802d30e585b1388350ddc0d6d569e2abbf1b71a965ed322f87479d

SHA512
763afafcada71140c23fdd2389c2fa97a78f91e1a97139ba28e96cf24bc125fe444cd7489a6a54b37b135fefb0e4347f1d107060c6f3ad5be213ac27fd20510c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
984f2b38bf6e1c26d08fd0840f0040af

SHA1
45b5a3dd480e11092d7a18bc8e10a8a8c7896c54

SHA256
4edc92e9a63a9c346e4c8f7d1d6fccfb0ffce28945002a014558499e86fa2355

SHA512
a8985895a1f0f2cb68dc184d0b6c4c7f98338f70d8da9bbce963f0c7140976152dbc4afa35e3bc54cc1f065c8f531acf7d543bacb381f0051fffe27c3ddda9e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dec28934-7128-40be-ac29-6ac051e886cb.tmp

Filesize
1KB

MD5
6b33bcb39b8d4c28d4991912cb6009d2

SHA1
310c5667ca5720177b831bdbdb7fae41450d4c09

SHA256
8ef420c90e18ed81a3063f3e36d93f8f586d5076ec1f83b758d4d49499959ad3

SHA512
c36d1f4341be1accda4a61831298deac242dc1ed6d9ce7ab3cb2ebff66ffcf688f32b1135b9f89ce7305af4996d519d8b840bac6bf1cbde93595332596ecc171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8b1292d3c39f6180037829bfcdf9163c

SHA1
6da24fd1a26cb5bb4ab0846d6e93400c61dc5d91

SHA256
2d8606b4213bc297e1fa1a99a5a6ccd13dc07b60d730642e42f1df662fe29f1a

SHA512
a8c48a5fbaf7aaa00febf6743ec3c68f446382a2389b79ea22a02aeaaac2aeb0a17e64ccea14e9de741f71c071342b61054545d34ea8431ccbd3ae55a29a0488

Download Submit