509b7c0dc5201ca02dd4139706281f18995d4873f41867cd12cf3e99702b6772

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 10:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5d04f39f07d41e2e5e3f67f0edb6364_JaffaCakes118.html
Size

140KB
MD5

f5d04f39f07d41e2e5e3f67f0edb6364
SHA1

d562b97962cc3a1f02f78e5edfa1e41e30a7c48c
SHA256

509b7c0dc5201ca02dd4139706281f18995d4873f41867cd12cf3e99702b6772
SHA512

27aaddef2adffd96b52c736013801ca9b9d32445fb6ac633c71a595af0e1b521380f3a92d12fa3bf7849e7f759587df6854971ea6675790198c0319184a2c6ad
SSDEEP

1536:zpvpDvy6h3TZ4pJ5WkwWS8G7dAuPSJi8aM3jU:zpvpDvfht4pDWkS8G7yuPSi8aM3jU

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
3472	msedge.exe
3472	msedge.exe
2040	identity_helper.exe
2040	identity_helper.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 4676	3472	msedge.exe	82
PID 3472 wrote to memory of 4676	3472	msedge.exe	82
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 3896	3472	msedge.exe	83
PID 3472 wrote to memory of 4688	3472	msedge.exe	84
PID 3472 wrote to memory of 4688	3472	msedge.exe	84
PID 3472 wrote to memory of 3456	3472	msedge.exe	85
PID 3472 wrote to memory of 3456	3472	msedge.exe	85
PID 3472 wrote to memory of 3456	3472	msedge.exe	85
PID 3472 wrote to memory of 3456	3472	msedge.exe	85
PID 3472 wrote to memory of 3456	3472	msedge.exe	85
PID 3472 wrote to memory of 3456	3472	msedge.exe	85
PID 3472 wrote to memory of 3456	3472	msedge.exe	85
PID 3472 wrote to memory of 3456	3472	msedge.exe	85
PID 3472 wrote to memory of 3456	3472	msedge.exe	85
PID 3472 wrote to memory of 3456	3472	msedge.exe	85
PID 3472 wrote to memory of 3456	3472	msedge.exe	85
PID 3472 wrote to memory of 3456	3472	msedge.exe	85
PID 3472 wrote to memory of 3456	3472	msedge.exe	85
PID 3472 wrote to memory of 3456	3472	msedge.exe	85
PID 3472 wrote to memory of 3456	3472	msedge.exe	85
PID 3472 wrote to memory of 3456	3472	msedge.exe	85
PID 3472 wrote to memory of 3456	3472	msedge.exe	85
PID 3472 wrote to memory of 3456	3472	msedge.exe	85
PID 3472 wrote to memory of 3456	3472	msedge.exe	85
PID 3472 wrote to memory of 3456	3472	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f5d04f39f07d41e2e5e3f67f0edb6364_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9445935832127152013,9786483766900953797,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,9445935832127152013,9786483766900953797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,9445935832127152013,9786483766900953797,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9445935832127152013,9786483766900953797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9445935832127152013,9786483766900953797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9445935832127152013,9786483766900953797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,9445935832127152013,9786483766900953797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,9445935832127152013,9786483766900953797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9445935832127152013,9786483766900953797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9445935832127152013,9786483766900953797,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9445935832127152013,9786483766900953797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9445935832127152013,9786483766900953797,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9445935832127152013,9786483766900953797,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5488 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
23KB

MD5
c897f8479da25ec570027594f1b4db24

SHA1
81a3ff06cf35a87e697fc4733966dffc270ad06b

SHA256
7fd05e325904c9c31e435d5c65b9b4ffa11a9116d1df0282d6cd7c87ef6f1dbc

SHA512
b1c1c46810c3bc5c407f7d30a9d74db8242860965d958ffc5bfeed35b1204774843775ae81b8c414ea89322d00d7ab97313965e20cebba588edf13b9b8dcbc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
45KB

MD5
ede70f717200a59b4cb831635de913a1

SHA1
d4d6e893ac192b5df087e924ab3356852f8a7bc0

SHA256
c63fbcc69de230e4844cf735ccf668eeaf30e42126eeb464da39c2de6b0b0051

SHA512
b621bde28b90ba97c122677989d994cb5e88fd0906366af1a23ad3f9d9f3b7f2bbef95873f29100433d4068fbbf7ab798505e68deefc118097fc5f76dfc4b672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
fb1aca77ec93b8ac476d00b3a0cd543d

SHA1
c8a38627e8af3cf35bbc65f4e93d0b5a4b02a14b

SHA256
371e1a8f816dd7e573140c470cd583e8bb32c3770a563a18760b199ffa9dd24d

SHA512
51ea8b69b2d00269393b6915e2ee8c187cb21757eea1abdf0853f4ca511005c11d1cad84c71dc491770f1dbf0e15d48e819904a6ad62596c3165e9ec77ab1fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a479ca2fcaff79c844326ed5465f98f4

SHA1
cda41dfc4f93653e85a1874ced6211c0397f6438

SHA256
3c91c5a138a05956e3e1d86a96237701ede18148456e2b2a0cc59957c1932dd1

SHA512
bcf9fc614f480609883df118d6c070edf62d295473f0e17b43d75170b28f3058aa4de677820f84e13f8c798b01489c1c42a5476a505ecf813c7918589de3ed8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7b909300b84be8e7d972264e2842c55a

SHA1
cdc29eaccea6be476549671cfe7d69096e412d3c

SHA256
ad6d2e24a16c8d043d46398fb0b2d0a06f3c4f89660fc7b68ae3a0e32f72888f

SHA512
5504de40e66863db0a337d0524f210badb4679caed1eb0fd2a58f6b36f0514550ca33055f04f3a6becf0bc5d81bfaf2e4192d9a615ca63f8e90f4959c36fbcd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4874a8454ba506a5e6fc7ee05105a411

SHA1
5844809d2935a0a8617e47ada4fff49ee12a6a31

SHA256
a3c8fe3c91c4936538b4e3dbf24fdd2a7f8801435b390e5dd18ac7cfa2c91248

SHA512
ccf2d706baff6c0c2434dd1c3ccdd0ff3dd3cd309230a2a1e0ddfff7ff7b3a3a50a9dc905bbece7ee3731a4b3cc2bb80ec7ec30dca55106fe253f8b15b2f786f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be832c5362840a9fd91196a0f030de89

SHA1
2c4317039c6c70f27062aa82b9da0c9a7182120b

SHA256
b9fa209c38b6f3573321e6c480bf88a6e5823781eef7570189ce14da265a7f96

SHA512
fe475fe54829fc361eea01c2cb1e43354ad80f9e33cf93ed316a3c74360880a8b5c8908f38597edda875531fea4ed9c5a8561375ce5d8f9f8824e2c8c75c5d9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c27d97c9737cc65d081483baf3d9ebaf

SHA1
5de45c493ca343c9c47437e09da555433237adc7

SHA256
b03ef2163189b8a4177a2790153ce3eee9c33f5b227d86fa10993fa9183b861b

SHA512
1faaa13278cd97f195cda0a24fb33afb4a44d8d59d947d11ad8aa4f2e0b63dcbc080bc6c8d96f3c7b497575313e42f3ff4721bf94ae5c2c3f7ae7b518e914385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
57428402e2f5e4155a01dc7811f630c4

SHA1
e7e5627cc3ae4ecc88f30b848f471e7d35ca04eb

SHA256
85c07c2f0008c39265b4ef1598ebb921f3bd4a82cdba8a45bd1179ef058d72d4

SHA512
dbe3a0b2ab3387302ee22c06936141bc8d07e62b7e32efb4fdabd05775283d9b9004f42e506ea9b542e10637f8c1db49683565fec953b303884f314f8b2dc0c4

Download Submit