d2483a3108e8aa09478c7bae8513bac5a14e2774e7faceeb544bbfd28465338e

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 14:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eff9894c04a2f881e9b7a9579feb2024_JaffaCakes118.html
Size

37KB
MD5

eff9894c04a2f881e9b7a9579feb2024
SHA1

34bbf84dbcb6fb932b9bc9300156703e6beca2ae
SHA256

d2483a3108e8aa09478c7bae8513bac5a14e2774e7faceeb544bbfd28465338e
SHA512

5e4a68728e9db8f484b8a8ce53b93c3761852fa933a638c1b630c302bae60dac4dc40aa546957535554dafaa489bb3dd48139177926609720ce61c8421cde766
SSDEEP

768:A4DyHHFPkzeuq1kr0oA5kYTWE+9l9Vtr+/O9ynBH:IHHCzeuq1E/KkY1SYO94

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2596	msedge.exe
2596	msedge.exe
5004	msedge.exe
5004	msedge.exe
4608	identity_helper.exe
4608	identity_helper.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5004 wrote to memory of 2756	5004	msedge.exe	82
PID 5004 wrote to memory of 2756	5004	msedge.exe	82
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	83
PID 5004 wrote to memory of 2596	5004	msedge.exe	84
PID 5004 wrote to memory of 2596	5004	msedge.exe	84
PID 5004 wrote to memory of 4016	5004	msedge.exe	85
PID 5004 wrote to memory of 4016	5004	msedge.exe	85
PID 5004 wrote to memory of 4016	5004	msedge.exe	85
PID 5004 wrote to memory of 4016	5004	msedge.exe	85
PID 5004 wrote to memory of 4016	5004	msedge.exe	85
PID 5004 wrote to memory of 4016	5004	msedge.exe	85
PID 5004 wrote to memory of 4016	5004	msedge.exe	85
PID 5004 wrote to memory of 4016	5004	msedge.exe	85
PID 5004 wrote to memory of 4016	5004	msedge.exe	85
PID 5004 wrote to memory of 4016	5004	msedge.exe	85
PID 5004 wrote to memory of 4016	5004	msedge.exe	85
PID 5004 wrote to memory of 4016	5004	msedge.exe	85
PID 5004 wrote to memory of 4016	5004	msedge.exe	85
PID 5004 wrote to memory of 4016	5004	msedge.exe	85
PID 5004 wrote to memory of 4016	5004	msedge.exe	85
PID 5004 wrote to memory of 4016	5004	msedge.exe	85
PID 5004 wrote to memory of 4016	5004	msedge.exe	85
PID 5004 wrote to memory of 4016	5004	msedge.exe	85
PID 5004 wrote to memory of 4016	5004	msedge.exe	85
PID 5004 wrote to memory of 4016	5004	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eff9894c04a2f881e9b7a9579feb2024_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe26cb46f8,0x7ffe26cb4708,0x7ffe26cb4718
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,13951076900088967044,6068829930649433619,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,13951076900088967044,6068829930649433619,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,13951076900088967044,6068829930649433619,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13951076900088967044,6068829930649433619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13951076900088967044,6068829930649433619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13951076900088967044,6068829930649433619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13951076900088967044,6068829930649433619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13951076900088967044,6068829930649433619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13951076900088967044,6068829930649433619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,13951076900088967044,6068829930649433619,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6436 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,13951076900088967044,6068829930649433619,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13951076900088967044,6068829930649433619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13951076900088967044,6068829930649433619,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13951076900088967044,6068829930649433619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13951076900088967044,6068829930649433619,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,13951076900088967044,6068829930649433619,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5168 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7b444dd4-a4a7-4390-b4ec-f65fdeabcf33.tmp

Filesize
6KB

MD5
7078b72227937806c05a8204ae781576

SHA1
09e4dcc50b5037642ecbbd85836da18c42f280b6

SHA256
9a6da4b6ccb261a65bce76d3869f55521bc48a9e5bf0efaa8ed8da32749ab29e

SHA512
f4c0c284c07a991632364503d62845a1b0e3222d67a6d9ddd7a781f3adeab3cd10bbe60fe969022528321aa9b3c1a983c182e693372612e9e10e47103e63d1ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
9aa7002523e6df3bdc839a6f26af71d5

SHA1
8bde9dc977cd5dae208a92c584ed4a840fe07dab

SHA256
f69f79bbd853611e85fed822c4108c8015c37ba3df7cdb3c102cf3ac7cfce000

SHA512
947a15b78903f407808df223865fd127eaa35ecf4616fefc4bbe8983449c2d5e585e4fca9d00955f038e164b271be82b0cf02bf190545b0b4cce1faab20d2c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
8779ece77549ef62c99ef9bd17ba26c3

SHA1
594eb7a509f75e766c7fc0067a0bdd596b2e5375

SHA256
a9e148f7e24c113681e8dd79e210ff95b77ba0be63a7f6b6283c7d4f55e673c0

SHA512
62fb99c981170bec1ba411b0b8db5801f40270e78fe8d4d3b958e1991e74e4481fc99f945dcf497fbf1bfc31415f980767a266ad393b1cfcbacb5e17031bdd4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
bcd9057f7ab204075b1dd415fcbf1bb6

SHA1
d1f6a3459dc74c8fe6bad449cc98c3565d9c5e70

SHA256
84178a2295021b460bdc93285a740b38c24b76de99790c4a72b959a6e3bdd38b

SHA512
650c0b8340817f098a6151b66519d18c664e7fbcfb0e5c2900c9effaf26f4ac9968ce10ead4e16f6d1dc4c2837ee3f366b549c491e4540d7a4cfa38c3e0edb2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
bf06c2c1f3b1979058871fb5b2e86c9a

SHA1
d84e0fa7a80885d46c245c8906839a4d82841afe

SHA256
cddfdcb1d15db3355088beb560e11d6a975d2834eefc1199d27627c30174db64

SHA512
50f34775606625d88777e98a1cf3b295e1cb2de20cc9275b25b67c2d1e315b2d74e172e4d09949e8780b45bf86cbee320498a4c81a5ff47d462bc13619956c0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b012dc3f39e17647f748cf63b2a4e9cc

SHA1
af932962fa6301128276169c14c5bac32952a523

SHA256
96655bb195a65113c1b274217872bdbae89a77c5235298c0dbb6d9b9d76972ce

SHA512
1c871c84ec6ee293d7eebf16d18097316fc320fe36d173f3746c83f2f4adf495003e728b4effdefe73495a85e78a01c5bcf47f07b49c751cb3912e98c4fc7b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
01d78b8d9cc372fd6790929e2bb49379

SHA1
b4ef1b957c79d26ba589ab78e98bccffab05e756

SHA256
78be2bc03d5aafa239efdbf14ef9ad35bbd34f1bde5824034b54041e77c9ea4f

SHA512
291d6c9b08b812381b2f8106a46c9fa37c2ab9ca468a2a7d1f80c882c3297e7702a0220cea5cf2c09d34ea9a015254fe90285f8f286865e3417663cfbba9f255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
34d4d7f005a1444c361c567164da6b83

SHA1
5549defef4e69d7d17a6cf428fddc92a887127e3

SHA256
fc8529cd1fd4472115cbcb8212d1f28ad4776ddd50dbb1989916b148fe924c93

SHA512
8070b79d58a075ead74370092babfccc04234a68680b93facd1a9e39fafbcdca55f7e6e3c1ddb7d0c5e4e5e49bd9af6828f9997abd1ce1a19987706783d364a2

Download Submit