f9ea54b3bcb6fb1c1c8f88729d35b8641a6ecb0a218a5cc2a520ad2ebc65e909

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 19:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e0da00b98df0e4c43ef6581e00ed8548_JaffaCakes118.html
Size

112KB
MD5

e0da00b98df0e4c43ef6581e00ed8548
SHA1

4d4bcbfb51c67c1c94ade6c175dac5b02bc0c9e4
SHA256

f9ea54b3bcb6fb1c1c8f88729d35b8641a6ecb0a218a5cc2a520ad2ebc65e909
SHA512

7da7df6ce66d461879803e9381f284743983abc7e551fc69d875e6e6c3934ec4d156b352919c655f08416aca204844a11dc764adcf61c7b48f771e57edc9eba9
SSDEEP

1536:PiuizmZ8bFiqpB62M4JVuvb1iKyw9Fe0aYMt6yAy4t4elY1C9s+Fxt2tzWYDbPcd:Piu8M4JPs9E0aYMt6yA9xt2tzWYDbPQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2452	msedge.exe
2452	msedge.exe
2880	msedge.exe
2880	msedge.exe
812	identity_helper.exe
812	identity_helper.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 4564	2880	msedge.exe	83
PID 2880 wrote to memory of 4564	2880	msedge.exe	83
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2916	2880	msedge.exe	85
PID 2880 wrote to memory of 2452	2880	msedge.exe	86
PID 2880 wrote to memory of 2452	2880	msedge.exe	86
PID 2880 wrote to memory of 400	2880	msedge.exe	87
PID 2880 wrote to memory of 400	2880	msedge.exe	87
PID 2880 wrote to memory of 400	2880	msedge.exe	87
PID 2880 wrote to memory of 400	2880	msedge.exe	87
PID 2880 wrote to memory of 400	2880	msedge.exe	87
PID 2880 wrote to memory of 400	2880	msedge.exe	87
PID 2880 wrote to memory of 400	2880	msedge.exe	87
PID 2880 wrote to memory of 400	2880	msedge.exe	87
PID 2880 wrote to memory of 400	2880	msedge.exe	87
PID 2880 wrote to memory of 400	2880	msedge.exe	87
PID 2880 wrote to memory of 400	2880	msedge.exe	87
PID 2880 wrote to memory of 400	2880	msedge.exe	87
PID 2880 wrote to memory of 400	2880	msedge.exe	87
PID 2880 wrote to memory of 400	2880	msedge.exe	87
PID 2880 wrote to memory of 400	2880	msedge.exe	87
PID 2880 wrote to memory of 400	2880	msedge.exe	87
PID 2880 wrote to memory of 400	2880	msedge.exe	87
PID 2880 wrote to memory of 400	2880	msedge.exe	87
PID 2880 wrote to memory of 400	2880	msedge.exe	87
PID 2880 wrote to memory of 400	2880	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e0da00b98df0e4c43ef6581e00ed8548_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb34846f8,0x7ffcb3484708,0x7ffcb3484718
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,6375886722538935805,1999122867054306473,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,6375886722538935805,1999122867054306473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,6375886722538935805,1999122867054306473,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,6375886722538935805,1999122867054306473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,6375886722538935805,1999122867054306473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,6375886722538935805,1999122867054306473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,6375886722538935805,1999122867054306473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,6375886722538935805,1999122867054306473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,6375886722538935805,1999122867054306473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,6375886722538935805,1999122867054306473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,6375886722538935805,1999122867054306473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,6375886722538935805,1999122867054306473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,6375886722538935805,1999122867054306473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,6375886722538935805,1999122867054306473,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=180 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
23KB

MD5
a0423f1305547bb6b8f5a4fb1a9fc2d8

SHA1
092dcf1fe57e6bb53821eb754e04188ee70602d5

SHA256
6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8

SHA512
b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
3922c1b496a7e84fafd14b3f06f27e42

SHA1
2d59e9a74e1d3f3265c71755e7cc675d55c0366b

SHA256
7f76efd8e52fff0ca6f68262fbea25cc155e2561b6c36a8bf7dc81ca0580c7ee

SHA512
4cd6c93fbdbad548428b1a91a09cd898ea6945dc7e7a87a68c142e3fa79e184f9fa8f24dc13241a78f504f0532e2b9477bf88d7cb0490b3755433e1d40237dec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
e61e53fab32504e60e7cee0af201c145

SHA1
f8dbd83aaebcaea98c482e1b144745755fa2f036

SHA256
f516691c1f9c0ce634502170dd605b115ec7e180164aa475c063bffac76d8998

SHA512
fca35e3dc061bdd9e870fd14178946b00178021c1d5fd7c70ca8708730a1024183fe262855583bda8c8bddfe86af43761f58b72295ea98982e82c4478c2b60e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
557936c875f6d7579681a7c308293a7e

SHA1
57a5f233a59145128d362f26fb5d2501fa0fe1a7

SHA256
02e1f062116187cb70e3fd621c6d10c558f5762a65f226cc36f575d21dbcbe05

SHA512
855db1f45410956165c552a8162aa5c97541db71ebf21bb9e039ed26ead2619c2c3f8104b07432170dc4eea3ee1306493c49f887aca3e1105fe16e8fcc9a5520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ccf2f1cb7767a190ef3b2d62f21befac

SHA1
69548ae712f9718e9a20e31ced12f3face641c23

SHA256
c0ef62dc9b05f9f65a4dec626093636d129ccc4ee58efcc98e6f395acaa74e37

SHA512
4bbf501277f2fe7041385b8d8ef0ba4598ec5dab066732b3eed3246eb82f864d5db13b417ac56ea0cff1e51375eea9dbd16a7537431ae366bf9f0d1c57eb34ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3ba05ff8c294900b2deed94709910fb4

SHA1
e3f8c8358b1783a21d309f42b198422141d085d2

SHA256
7d3865b303b8bc9e16e3e46fef90fb3e3d2fe1519edbf77e41dc80aacceb4c07

SHA512
0f0eea3f4f541bf00d16ced0bf5e5e8faea6dc822eea734c3d0fd47c40e8fef8828ab7f946190f1358fe13ae905fc1f5c89887a4cd02d1de16ede630b10f2a0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2fe32eef43db504f1fa254b263799574

SHA1
3fc940b5b87249b54cefe3c4145952e95f24cac0

SHA256
b3898b031d519343877e6668c4b8faff1697098185f5eb9be27132a439babefa

SHA512
9b80e14a204feae1869220ec6931ab0d1e4279bec64878140b956a76301cac12aabba308e5a042db6e8553f5b840054199fcfe11c36d660a018257379a4c0fcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cf39666fd2952249c48c22ac57af0c14

SHA1
f2d3b5d657f25c0876e83d5115876113d82d8b76

SHA256
f55ee1ec66cb74ac31e20de1a8df7770330fbd490696d506130a31c7eb9ae9d7

SHA512
1676357c08397e309eb2fa5fde79ca5378720c817561ef537b2a381b09f08d87e85e962961ead076d6a5b8b93d546a9fd403472d6f68c7f61bfa54a8b904f8bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9bc9120c286862c37ec19e178978b8c6

SHA1
a5b87d66cc25eb926baa8511cab1a0aebcdb91cb

SHA256
75c64c2a7112984162d07568e6e0a11186b33e13e25289892493438a32f97d42

SHA512
2f05c13c67c6a153c6653a4d1b0d1043e71819bfe17be27a46588a193ba07eb596c4f5649e8ad3037379df1b0c5fce9d31ab6569cce9f4af4db6340edbc16d3d

Download Submit