a9c993ca881cf887cb1e634341db35f96714309962d76843fb15af0fed7968bd

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2024, 22:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea2028086a1a6b3ee3e96f1f89fa627a_JaffaCakes118.html
Size

92KB
MD5

ea2028086a1a6b3ee3e96f1f89fa627a
SHA1

cb0741ea3d1cb1ebbcde9b457f691a9a001cb3b0
SHA256

a9c993ca881cf887cb1e634341db35f96714309962d76843fb15af0fed7968bd
SHA512

8d59839ffde2da35a5c5d494e8af2e104d524c32323adf94f8776fbb4c98413b46939feac8ad0286f436c1d8f342a7633cd457cba0d69b1199ace9203dd4247f
SSDEEP

1536:Yf7uqEGOSwgQ7543Ww5xLw9T6U1afyHHyQ1ontGZ9MDO:sBEPSwbV43WQxLw9OU1afntGZ+DO

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2308	msedge.exe
2308	msedge.exe
808	msedge.exe
808	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
4780	identity_helper.exe
4780	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 808 wrote to memory of 964	808	msedge.exe	84
PID 808 wrote to memory of 964	808	msedge.exe	84
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 4816	808	msedge.exe	85
PID 808 wrote to memory of 2308	808	msedge.exe	86
PID 808 wrote to memory of 2308	808	msedge.exe	86
PID 808 wrote to memory of 2948	808	msedge.exe	87
PID 808 wrote to memory of 2948	808	msedge.exe	87
PID 808 wrote to memory of 2948	808	msedge.exe	87
PID 808 wrote to memory of 2948	808	msedge.exe	87
PID 808 wrote to memory of 2948	808	msedge.exe	87
PID 808 wrote to memory of 2948	808	msedge.exe	87
PID 808 wrote to memory of 2948	808	msedge.exe	87
PID 808 wrote to memory of 2948	808	msedge.exe	87
PID 808 wrote to memory of 2948	808	msedge.exe	87
PID 808 wrote to memory of 2948	808	msedge.exe	87
PID 808 wrote to memory of 2948	808	msedge.exe	87
PID 808 wrote to memory of 2948	808	msedge.exe	87
PID 808 wrote to memory of 2948	808	msedge.exe	87
PID 808 wrote to memory of 2948	808	msedge.exe	87
PID 808 wrote to memory of 2948	808	msedge.exe	87
PID 808 wrote to memory of 2948	808	msedge.exe	87
PID 808 wrote to memory of 2948	808	msedge.exe	87
PID 808 wrote to memory of 2948	808	msedge.exe	87
PID 808 wrote to memory of 2948	808	msedge.exe	87
PID 808 wrote to memory of 2948	808	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ea2028086a1a6b3ee3e96f1f89fa627a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ff8297146f8,0x7ff829714708,0x7ff829714718
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1151006926617688607,6389088828888451606,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,1151006926617688607,6389088828888451606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,1151006926617688607,6389088828888451606,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1151006926617688607,6389088828888451606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1151006926617688607,6389088828888451606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1151006926617688607,6389088828888451606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1151006926617688607,6389088828888451606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1151006926617688607,6389088828888451606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1151006926617688607,6389088828888451606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1151006926617688607,6389088828888451606,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1151006926617688607,6389088828888451606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6964 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1151006926617688607,6389088828888451606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6964 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1151006926617688607,6389088828888451606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1151006926617688607,6389088828888451606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1151006926617688607,6389088828888451606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1151006926617688607,6389088828888451606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7006aacd11b992cd29fca21e619e86ea

SHA1
f224b726a114d4c73d7379236739d5fbb8e7f7b7

SHA256
3c434b96841d5a0fa0a04a6b503c3c4d46f1c4e3a1be77853175e5680e182814

SHA512
6de169882c0e01217c4ca01f6ead8e5ebb316a77558e51cd862532dbf9147d9e267f8db667ff6e9fa33164243724f5e437cb882392382f3cae1072dadb762c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b80cf20d9e8cf6a579981bfaab1bdce2

SHA1
171a886be3a882bd04206295ce7f1db5b8b7035e

SHA256
10d995b136b604440ac4033b2222543975779068a321d7bddf675d0cb2a4c2b1

SHA512
0233b34866be1afd214a1c8a9dcf8328d16246b3a5ef142295333547b4cfdc787c8627439a2ca03c20cb49107f7428d39696143b71f56b7f1f05029b3a14376a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
81e523cdc4f4692e1e53f9cce4870dc3

SHA1
b68659353367c03ac5f42c9a68c78ae4122b1113

SHA256
7409fc8299fe093b04ccc3b27c25f3812d70a0aa652fc921b362938d20361b5c

SHA512
e02ef8c49c237ddba2b08134563a4e7ce277730ce1b08a5624088a9a42ef099391b302fa347db951b4f908ac9e1c33f1c29b321fa2bfc40d546d7d18211c05a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
c1ac4a616eb1108774f93d0ae1f0e9c6

SHA1
24e27657f60d4d837f51fa3cf659b68da2a2acad

SHA256
db536e0876823b8ea00fc8351a087a6922e0485c5554bddfb16154074c0820bc

SHA512
a778a8c0b2224e3d0ae990d32b4f95379bae803b4bed5978c63ba29e9b72ba876f2fb9de67fdd372db72df95795cd4a8072b21b28c9a710b772be33fef0d0fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
7f942a81860569462d9ec8e8d0238519

SHA1
7b08bd2106fa1f521938e3808d1eab6fa692404f

SHA256
571fc322c470cec013692e20636b2b8054e4608ab0a49521f0a50844423f07c9

SHA512
8e833fb71bd82deead0d41bfd5d7f5bdcddf1525694adbce11ef9b37e9c97d24125c49d6d6cfc6c4dfb5424d7fefb03ee01b14b804a7f1c0e0a4f709d9a7a56b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
91b2e90d34784715f2a82bd1dc53058e

SHA1
4052c7d19ba47790ef5c24db63399da774c25677

SHA256
f17f080888e4bcb3bf5bde4a04e354052a082dc834150390e921aa9fb6372690

SHA512
58f3fdbf0070885413d101328f5662d68fbe2e95216bd472ca0205f4e028ad9dee66db130a040b66e4a06ae4b606712d738feca99ec86ce98334f9d247935fce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ea6602488bfc7a55271c75b243c01d0c

SHA1
8bf91b217e45dbc38a0eb98b17ec01133640398c

SHA256
d297778d850eac4f8d769e94a52ac800f7c36ab7e596d5e7adb630fde3423ab3

SHA512
59ee2612b32d2523c3bb7f7f0c264eb26057796c284749918b7dfdbeb9f7b347e0b59a03241f71820008f6fa8804d45fed7a1766ec7f4744502beac73a1e65d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
264fc414ebce76c228f19a038c261d72

SHA1
78953a47651da129d8dae4f299ad11dc56592dd1

SHA256
cc1c50e0767515f54f144686c3f63e7569214503399f250c08d4c5af20fb04b1

SHA512
148145e3aa9d84573e0d2a571eaf07f43e1ae49b343f5a16079e070e2fb3b2c222c3c23ade88b6b772e96006ffb3052945694087de8e89f7577ea8ba2366db7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8c25cfe693568da362147e7654d4a2ad

SHA1
0c6a19ce1833fd40a4c19be5b5633fb2599e4e37

SHA256
f9bd9bad511b6496ac85a88e22b4eb9aa41efb03421688c9969e667f920bf665

SHA512
8b82446557cddb6efb23106222ca48ef3fa8b33223b7a991569ef80eadbaad06cfba0324dd54cdbcc9e3157dffd6ae2c95a258431786dc20f0144008c9380830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fa1bd03c-0647-4514-a4e7-7148bbf1cdd2.tmp

Filesize
2KB

MD5
a3e10974631f6609e2d1abb131e77ad7

SHA1
308b9a7aab47a0c9e22ae7da054369dceea22cac

SHA256
a82b41e7956f76f46617c4e3356e8aeb9451f4fab3b0135a94fe04816ad495da

SHA512
b042d43841ce5bf1e8e77da97aff130a4be9bef18ab4f92d3abb86c4541e8ebaf503103fa24175fcc5ae0f64163b78daacc7366e69a8c5b2134699b443e3d2b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1e709952dd2745a2053289fe7da1d382

SHA1
76f3f08284267331e4d254ce8311c29feefc50da

SHA256
74423a3085af0d8ce5570912edd9a4d23e967618bd5e02067fb23e1b00b03fa1

SHA512
3b86b04d535b49a98f61b84545fef414d708f77b19817fd03d2bc704246483021a371feacd50c035f2d0491506e37e944516113a4f87774a709c1ccd93fffdab

Download Submit