5490e083e456244779ff45bf34a4d1ddf1b8865049354982a192a018b63d2642

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2024 12:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

efd054063edb0def783a0d3cab12daa9_JaffaCakes118.html
Size

106KB
MD5

efd054063edb0def783a0d3cab12daa9
SHA1

5eb7a8c9a194081b02e39f0f83a7aebd949ec078
SHA256

5490e083e456244779ff45bf34a4d1ddf1b8865049354982a192a018b63d2642
SHA512

dee0d0ca1134bdc66a9db69c87b9ae31e3259bff9eb6b773b8e1c302a0015c6fe078ec691b8b702a0edbc8b5d18496943c1392fa289d2bb91285268189f39c1c
SSDEEP

1536:gOxcGpR09Phq8+YWoT/dq2LUQGxl+yZf+LGqSjHD9rCX7CesIWsW6pIM/XSD4:gS8+YWoTXK8SX9rCX7CeYsDIM/XSD4

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3688	msedge.exe
3688	msedge.exe
1884	msedge.exe
1884	msedge.exe
3812	identity_helper.exe
3812	identity_helper.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1884 wrote to memory of 1428	1884	msedge.exe	82
PID 1884 wrote to memory of 1428	1884	msedge.exe	82
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 1680	1884	msedge.exe	83
PID 1884 wrote to memory of 3688	1884	msedge.exe	84
PID 1884 wrote to memory of 3688	1884	msedge.exe	84
PID 1884 wrote to memory of 4124	1884	msedge.exe	85
PID 1884 wrote to memory of 4124	1884	msedge.exe	85
PID 1884 wrote to memory of 4124	1884	msedge.exe	85
PID 1884 wrote to memory of 4124	1884	msedge.exe	85
PID 1884 wrote to memory of 4124	1884	msedge.exe	85
PID 1884 wrote to memory of 4124	1884	msedge.exe	85
PID 1884 wrote to memory of 4124	1884	msedge.exe	85
PID 1884 wrote to memory of 4124	1884	msedge.exe	85
PID 1884 wrote to memory of 4124	1884	msedge.exe	85
PID 1884 wrote to memory of 4124	1884	msedge.exe	85
PID 1884 wrote to memory of 4124	1884	msedge.exe	85
PID 1884 wrote to memory of 4124	1884	msedge.exe	85
PID 1884 wrote to memory of 4124	1884	msedge.exe	85
PID 1884 wrote to memory of 4124	1884	msedge.exe	85
PID 1884 wrote to memory of 4124	1884	msedge.exe	85
PID 1884 wrote to memory of 4124	1884	msedge.exe	85
PID 1884 wrote to memory of 4124	1884	msedge.exe	85
PID 1884 wrote to memory of 4124	1884	msedge.exe	85
PID 1884 wrote to memory of 4124	1884	msedge.exe	85
PID 1884 wrote to memory of 4124	1884	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\efd054063edb0def783a0d3cab12daa9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa62ab46f8,0x7ffa62ab4708,0x7ffa62ab4718
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,16225980111432078351,10232664270072024465,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,16225980111432078351,10232664270072024465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,16225980111432078351,10232664270072024465,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16225980111432078351,10232664270072024465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16225980111432078351,10232664270072024465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16225980111432078351,10232664270072024465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16225980111432078351,10232664270072024465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16225980111432078351,10232664270072024465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16225980111432078351,10232664270072024465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,16225980111432078351,10232664270072024465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,16225980111432078351,10232664270072024465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16225980111432078351,10232664270072024465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16225980111432078351,10232664270072024465,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16225980111432078351,10232664270072024465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16225980111432078351,10232664270072024465,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,16225980111432078351,10232664270072024465,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
23KB

MD5
c897f8479da25ec570027594f1b4db24

SHA1
81a3ff06cf35a87e697fc4733966dffc270ad06b

SHA256
7fd05e325904c9c31e435d5c65b9b4ffa11a9116d1df0282d6cd7c87ef6f1dbc

SHA512
b1c1c46810c3bc5c407f7d30a9d74db8242860965d958ffc5bfeed35b1204774843775ae81b8c414ea89322d00d7ab97313965e20cebba588edf13b9b8dcbc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
6284e917f1f9b31123002bf9544bed22

SHA1
174ea48b489166daea854538a2d20aa28e1eec38

SHA256
a63a766445e4f69d78c8fb092126e73ae7fcfcbe5afd3e2e1a49bfa8e91b9f0b

SHA512
bae28c0908d1f0a6640f707a38825da2433efac920efc7645aca112dd7bba858c140046b3dd96dce84ffc2db809420df3151716843ca5e8e283cfc9f762e5b32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c78e80e0d21111148e9b2f46c6cdad93

SHA1
7b21e2f963e0164b402d671cba7b43e09062c579

SHA256
2429a475a9fcf433e6607fb0ddb8e3c2d2e28b4e2996db1abad0f9a9333a1aec

SHA512
897fb370fa2b69eccff7fe6f7e0d539596c1d8f00831c778bd858dac406bf93a67316bc12e4f28acf0131bd0109636e5025e33ae95d9f8e467e394da6d98a935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fc1bb176bc0cbcd39c68289ca1543063

SHA1
6b8a16eeac775309cf2b9d9629ac6966b159b35e

SHA256
bc7e8e1634c54bdce3caeff1c946ab9cca620991dcb8b021f5b624124909b08f

SHA512
632e19f6ea19c99a79b0d5a8abb6df71f20ddbfbbe66528d4e5d140e8783a38f3c577500ce8b1a286048bed041208e44924fa2eae9c300561665ecdc72f8b736

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6ef94a1290af74362166bf39041ec11b

SHA1
15f3f1348dd28c3c88fce5d892c3a7aaea0ca69b

SHA256
5bd837bf160515350a11c2ee51c97d12957e07fab40369871a39ae7ffe47fd9c

SHA512
d0e148d57ce2d310cfcfadb35d4f402e4b62975d3e3b203e86074d4d3f885fdbdf5df0eb1f1c5171baef0e495e90561b42dd7505ca63c2a82b343fd314b593b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fb482b3961ade0c6ae787643552dc613

SHA1
eb680d8173bd0b935b36e2b39c25d96dce2fff04

SHA256
023c03ee72ab81343d2133e8625e20f59f24f28f1efd017d7523e2c3e80008d6

SHA512
355aaad1297bdf93e772adc7b27486cabd9c285f32aaeb1271c7af0dc7de058ee8eeab71e4ae321274815f26b00e17a2448035bc215214ab1b9a07485b340963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
32014c7a547243035db33f182605978f

SHA1
20eedd62f4eb4e18697ed20d86917f57925fb7c1

SHA256
d0a0fe9e1eed6ecbf059d65c7e6fcfee4d55e184694c87222de40cc35cd9a69b

SHA512
553a98bfb671617e9bfa83269c9242ce71878b717694b63e20cd3c7f817a19dc349a0e32d9e2d34f4ddbfe67c73d0dc80d50b234c17e632e374831aee1fe6789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6d276840dec00c25ac0facaabad5ff78

SHA1
f7c992081054d6c1ee0f26dd6004b529de4e204b

SHA256
4ca9d72de32b6ef7f879536813f990f6acfe420f0a0ae976091ed55cbe1bbd84

SHA512
e78aa53bdaddb5b455ee53b912422ee32298f01fe963c0f67b675cc61745f3966d6ad2a66443d9572a3fed2e7004e863ece04f2a9bdf71f3b78093c01722a87b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f1e35e435f10260b96832b69dac40ca6

SHA1
d3f8334ee2f89758f720a8f2294ba74818ccd979

SHA256
b058e699846760eb770d05c37049270d343ce56ea0e22223e6f14a75ba7f9d33

SHA512
77fe1825ab227850f2b1a6ba8f2078957cc764ed91bac4ab390a3b666014282b8f1594ffbe9ac126bce89bbbf509a193819bf4ad3e65682a113fec49382d55dc

Download Submit